Password Authenticator
openLooKeng supports authentication with a username and password via a custom password authenticator that validates the credentials and creates a principal.
Implementation
PasswordAuthenticatorFactory
is responsible for creating a PasswordAuthenticator
instance. It also defines the name of this authenticator which is used by the administrator in a openLooKeng configuration.
PasswordAuthenticator
contains a single method, createAuthenticatedPrincipal()
, that validates the credential and returns a Principal
, which is then authorized by the system-access-control
.
The implementation of PasswordAuthenticatorFactory
must be wrapped as a plugin and installed on the openLooKeng cluster.
Configuration
After a plugin that implements PasswordAuthenticatorFactory
has been installed on the coordinator, it is configured using an etc/password-authenticator.properties
file. All of the properties other than access-control.name
are specific to the PasswordAuthenticatorFactory
implementation.
The password-authenticator.name
property is used by openLooKeng to find a registered PasswordAuthenticatorFactory
based on the name returned by PasswordAuthenticatorFactory.getName()
. The remaining properties are passed as a map to PasswordAuthenticatorFactory.create()
.
Example configuration file:
password-authenticator.name=custom-access-control
custom-property1=custom-value1
custom-property2=custom-value2
Additionally, the coordinator must be configured to use password authentication and have HTTPS enabled.