Author: atm
Date: Wed Sep 21 17:28:48 2011
New Revision: 1173770
URL: http://svn.apache.org/viewvc?rev=1173770&view=rev
Log:
HADOOP-7665. branch-0.20-security doesn't include SPNEGO settings in core-default.xml (atm)
Modified:
hadoop/common/branches/branch-0.20-security/CHANGES.txt
hadoop/common/branches/branch-0.20-security/src/core/core-default.xml
Modified: hadoop/common/branches/branch-0.20-security/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security/CHANGES.txt?rev=1173770&r1=1173769&r2=1173770&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security/CHANGES.txt (original)
+++ hadoop/common/branches/branch-0.20-security/CHANGES.txt Wed Sep 21 17:28:48 2011
@@ -10,6 +10,9 @@ Release 0.20.206.0 - unreleased
HADOOP-7634. Docs specify wrong owner for task-controller.cfg (eli)
+ HADOOP-7665. branch-0.20-security doesn't include SPNEGO settings in
+ core-default.xml (atm)
+
IMPROVEMENTS
MAPREDUCE-2836. Provide option to fail jobs when submitted to
Modified: hadoop/common/branches/branch-0.20-security/src/core/core-default.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security/src/core/core-default.xml?rev=1173770&r1=1173769&r2=1173770&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security/src/core/core-default.xml (original)
+++ hadoop/common/branches/branch-0.20-security/src/core/core-default.xml Wed Sep 21 17:28:48
2011
@@ -471,5 +471,73 @@
the timeout for an entry in that cache. </description>
</property>
+<!-- HTTP web-consoles Authentication -->
+
+<property>
+ <name>hadoop.http.authentication.type</name>
+ <value>simple</value>
+ <description>
+ Defines authentication used for Oozie HTTP endpoint.
+ Supported values are: simple | kerberos | #AUTHENTICATION_HANDLER_CLASSNAME#
+ </description>
+</property>
+
+<property>
+ <name>hadoop.http.authentication.token.validity</name>
+ <value>36000</value>
+ <description>
+ Indicates how long (in seconds) an authentication token is valid before it has
+ to be renewed.
+ </description>
+</property>
+
+<property>
+ <name>hadoop.http.authentication.signature.secret</name>
+ <value>hadoop</value>
+ <description>
+ The signature secret for signing the authentication tokens.
+ If not set a random secret is generated at startup time.
+ The same secret should be used for JT/NN/DN/TT configurations.
+ </description>
+</property>
+
+<property>
+ <name>hadoop.http.authentication.cookie.domain</name>
+ <value></value>
+ <description>
+ The domain to use for the HTTP cookie that stores the authentication token.
+ In order to authentiation to work correctly across all Hadoop nodes web-consoles
+ the domain must be correctly set.
+ IMPORTANT: when using IP addresses, browsers ignore cookies with domain settings.
+ For this setting to work properly all nodes in the cluster must be configured
+ to generate URLs with hostname.domain names on it.
+ </description>
+</property>
+
+<property>
+ <name>hadoop.http.authentication.simple.anonymous.allowed</name>
+ <value>true</value>
+ <description>
+ Indicates if anonymous requests are allowed when using 'simple' authentication.
+ </description>
+</property>
+
+<property>
+ <name>hadoop.http.authentication.kerberos.principal</name>
+ <value>HTTP/localhost@LOCALHOST</value>
+ <description>
+ Indicates the Kerberos principal to be used for HTTP endpoint.
+ The principal MUST start with 'HTTP/' as per Kerberos HTTP SPNEGO specification.
+ </description>
+</property>
+
+<property>
+ <name>hadoop.http.authentication.kerberos.keytab</name>
+ <value>${user.home}/hadoop.keytab</value>
+ <description>
+ Location of the keytab file with the credentials for the principal.
+ Referring to the same keytab file Oozie uses for its Kerberos credentials for Hadoop.
+ </description>
+</property>
</configuration>
|