hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-7119) add Kerberos HTTP SPNEGO authentication support to Hadoop JT/NN/DN/TT web-consoles
Date Fri, 09 Sep 2011 20:52:09 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13101553#comment-13101553
] 

Aaron T. Myers commented on HADOOP-7119:
----------------------------------------

bq. Regarding the missing testcases, those are the Kerberos ones, a KDC setup is required
to run them, ideally we should have them in, but if pressed with time I think is OK to commit
as it is (exact working code from trunk) and open a JIRA to add them before the next maintenance
release of the 2xx branch. Or, for the 205 release add the Kerberos testcases to the exclude
list in the build.

It seems fine to me to do that as a follow-up JIRA. Could someone please file that?

bq. What is missing are the docs (changes to the xdocs/site.xml and the new hadoop-xdocs/HttpAuthentication.xml
file), I think those should go in.

Agreed.

I should also mention that Alejandro and I tested this patch manually yesterday (with the
addition of AuthenticationFilterInitializer) and it worked like a charm, both from curl and
in Firefox. So, +1 for the back-port once the above are addressed.

> add Kerberos HTTP SPNEGO authentication support to Hadoop JT/NN/DN/TT web-consoles
> ----------------------------------------------------------------------------------
>
>                 Key: HADOOP-7119
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7119
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 0.23.0
>         Environment: all
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>             Fix For: 0.20.205.0, 0.23.0
>
>         Attachments: HADOOP-7119v3.patch, HADOOP-7119v4-amendment.patch, HADOOP-7119v4.patch,
HADOOP-7119v5.patch, HADOOP-7119v6.patch, ha-common-01.patch, ha-common-02.patch, ha-commons.patch,
spnego-20-security.patch, spnego-20-security2.patch
>
>
> Currently the JT/NN/DN/TT web-consoles don't support any form of authentication.
> Hadoop RPC API already supports Kerberos authentication.
> Kerberos enables single sign-on.
> Popular browsers (Firefox and Internet Explorer) have support for Kerberos HTTP SPNEGO.
> Adding support for Kerberos HTTP SPNEGO to Hadoop web consoles would provide a unified
authentication mechanism and single sign-on for Hadoop web UI and Hadoop RPC.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message