openLooKeng supports authentication with a username and password via a custom password authenticator that validates the credentials and creates a principal.
PasswordAuthenticatorFactory is responsible for creating a
PasswordAuthenticator instance. It also defines the name of this authenticator which is used by the administrator in a openLooKeng configuration.
PasswordAuthenticator contains a single method,
createAuthenticatedPrincipal(), that validates the credential and returns a
Principal, which is then authorized by the
The implementation of
PasswordAuthenticatorFactory must be wrapped as a plugin and installed on the openLooKeng cluster.
After a plugin that implements
PasswordAuthenticatorFactory has been installed on the coordinator, it is configured using an
etc/password-authenticator.properties file. All of the properties other than
access-control.name are specific to the
password-authenticator.name property is used by openLooKeng to find a registered
PasswordAuthenticatorFactory based on the name returned by
PasswordAuthenticatorFactory.getName(). The remaining properties are passed as a map to
Example configuration file:
password-authenticator.name=custom-access-control custom-property1=custom-value1 custom-property2=custom-value2
Additionally, the coordinator must be configured to use password authentication and have HTTPS enabled.