hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9054) Add AuthenticationHandler that uses Kerberos but allows for an alternate form of authentication for browsers
Date Fri, 30 Nov 2012 19:43:59 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13507599#comment-13507599
] 

Alejandro Abdelnur commented on HADOOP-9054:
--------------------------------------------

+1. 

On Allen's comment "the user is going to get bounced around a lot. As a result, this means
they might need to re-authenticate on every host if one isn't careful about the implementation."

Hadoop-Auth already has provisions for this by allowing you to define a cookie domain. Once
you have a hadoop-auth cookie, the authentication-handler code does not kicks in until the
cookie expires.
                
> Add AuthenticationHandler that uses Kerberos but allows for an alternate form of authentication
for browsers
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-9054
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9054
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>            Reporter: Robert Kanter
>            Assignee: Robert Kanter
>             Fix For: 2.0.3-alpha
>
>         Attachments: HADOOP-9054.patch, HADOOP-9054.patch
>
>
> It would be useful for some Oozie users if, when using Kerberos, that browser access
to the oozie web UI could be authenticated in a different way (w/o Kerberos).  This may be
useful for other projects using Hadoop-Auth, so this feature is to add a new AuthenticationHandler
that uses Kerberos by default, unless a browser (user-agents are configurable) is used, in
which case some other form of authentication can be used.  

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message