[jira] [Created] (ZEPPELIN-4121) please improve kerberos support

["Charles Hedrick (JIRA)" <ji...@apache.org>]

Charles Hedrick created ZEPPELIN-4121:
-----------------------------------------

             Summary: please improve kerberos support
                 Key: ZEPPELIN-4121
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-4121
             Project: Zeppelin
          Issue Type: New Feature
          Components: Interpreters
    Affects Versions: 0.8.0
            Reporter: Charles Hedrick


In some sense, Zeppelin supports Kerberos just fine. But in our environment (a multiuser student system) we need students to run as themselves. Also, their home directories are Kerberized, so we need them to have valid Kerberos tickets.

I'm currently setting up shiro to use PAM. PAM will generate Kerberos tickets. But they have to be renewed. THere seems to be no limit to how long a login session can work, but at 24 hours, their Kerberos ticket will expire. 

The friendliest think would be to run something every N hours during a session to renew their credentials (or let us specify a script to do it). But at the very least, we need a way to tell what users are currently logged in, so we can run a cron job to do renewals. Normally we can do it with the equivalent of "ps", but if there are no interprets running, there's no obvious way to know who is logged in. One reasonable solution would be an API call that shows all current sessions, with the user for each. A simple list of current users would be OK, but I'd rather have real session information so I can understand whether session management is working, and probably an API call to kill a session in case I'd like to do session management myself.

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)