Kerberos deserves its own topic rather than mixing in with the Smalltalk Argument one that now stands at 53 posts. Hopefully I've managed to extract pertinent parts of this thread.
On Thu, Oct 26, 2017 at 3:14 PM, p...@highoctane.be <p...@highoctane.be> wrote: > Sure. Current main issue is to have Pharo work with Kerberos as secured > Hadoop uses the UGI (UserGroupInformation) thing and that is a black hole > of crypto things. > > How would you see ParrotTalk work? > > I made a XmppTalk thing (binding for libstrophe) for having Pharo images > and other stuff talk together (currently using OpenFire/Gajim/Profanity) > FWIW > > See https://docs.google.com/presentation/d/1HTG3GB3xdwlje8wADZPjUQNIyA6tm > uxyZz1UaX5ikEU/edit?usp=sharing > > libstrophe does the SSL thing under the hood (using OpenSSL) and is > actively maintained. > https://github.com/strophe/libstrophe/blob/master/src/tls_openssl.c > > And I currently work with Kafka so, Pharo as a consumer or producer, sure > am interested. But need Kerberos support. > > Tell me more about your vision. Even better, draw it in some way :-) > > Phil > On Thu, Oct 26, 2017 at 8:52 PM, henry <he...@callistohouse.club> wrote: > Perhaps not, or not yet. Perhaps it is the communications foundation for > an always-on cloud/bigData control layer. > > I would position ParrotTalk as a Kerberos transport. ParrotTalk does > 2048-bin key negotiation and subsequent encryption/encoding, both > user-supplied. > > Please see the attached diagram, co-locating ParrotTalk with my other > components. > > ParrotTalk does not do user authentication/authorization. Which means to > me that I should consider Kerberos authorization/authentication to > establish as an integratable transport to play in bigData. > > This means you still need a Kerberos client and I need a Kerberos client. > How do we start? > > - HH > > PS: I did much work integrating Kafka into a framework. I was thinking of > inserting msg sending replication to a partition count of replicate queues > for sending and receiving Hubbub traffic, thus inserting right where > Kerberos is in the diagram. I would love to see client coupling for > Kerberos, Kafka and Hadoop, while I figure out proper security to make that > group happy with this as a possible control layer solution, forking off > jobs. > On Thu, Oct 26, 2017 at 9:15 PM, henry <he...@callistohouse.club> wrote: > I think another good service to integrate well to is Elastic Search. > > Of the 4 types of integration, I vote for and step forward to volunteer to > help Kerberos integration in Pharo. What to do? > > On Thu, Oct 26, 2017 at 10:38 PM, henry <he...@callistohouse.club> wrote: > A Kerberos effort will have to be a group effort. Sideways to my main > focus and your all’s main focii. On Thu, Oct 26, 2017 at 11:39 PM, Paulo R. Dellani <dell...@pobox.com> wrote: > This all sounds very interesting. What is the idea? Wrap libkrb5 through > UFFI or implement it in Smalltalk? > On Fri, Oct 27, 2017 at 6:06 AM, p...@highoctane.be <p...@highoctane.be> wrote: > There are two key Kerberos implementations one can use with Hadoop. > > One is the FreeIpa/RedHat IdM. > The other is ActiveDirectory. > > I am using FreeIPA which bundles MIT Kerberos/389/sssd and more for making > a CA etc. Works wonderfullý well. > > AD is well ... part of the corporate landdscape. > > Most of Kerberos needs are done with Java in Hadoop. But details are > buried in private Sun classes.. > > Google Madness beyond the gate hadoop for some Lovecraftian quotes > describing the situation along educated info. > > Phil > > On Thu, Oct 26, 2017 at 6:23 PM, henry <he...@callistohouse.club> wrote: > >> I have no idea which is best. For being able to say we use industry >> standard Kerberos, calling an accepted implementation seems wise, like >> OpenSSL support. > > On Sat, Oct 28, 2017 at 4:51 AM, henry <he...@callistohouse.club> wrote: > How about Kerberos? Can we get a team to look closely at bringing > integration for enterprise users? That would be helpful, or can you just > put it behind a Kerberos wrapper? If that would work, collecting a demo, > that could unlock more corporate wallets , for investment. > > - HH >
