Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Restricted Task | |||||
Open | None | T250484 Add authentication and encryption to Druid Analytics clients | |||
Open | None | T250485 Verify if Turnilo can pull data from Druid using Kerberos/TLS |
Event Timeline
Comment Actions
There seems to be no support for Kerberos/TLS in Turnilo, see https://github.com/allegro/turnilo/issues/263
Some code will likely need to created and/or upstream convinced about doing it :)
The idea would be to:
- authenticate the user via LDAP/CAS in httpd
- get the username via header, and then use it to authenticate to Druid (impersonating the user). Turnilo will have to become an hadoop proxy and hold a kerberos keytab.