hadoop-common-user mailing list archives

From Jeffrey Rodriguez <jeffrey...@gmail.com>
Subject 403 when trying to access secure hadoop http UI /logs/ - any workaround? or explanation?
Date Fri, 29 Apr 2016 15:34:53 GMT
Hi Folks,
      I am getting a 403 accessing a Kerberized cluster (Hadoop Kerberized).

kinit ..... valid Kerberos user...

curl -L --negotiate -u : http://localhost:50070/logs/

..
> GET /logs/ HTTP/1.1
> Authorization: Negotiate
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: localhost:50070
> Accept: */*
>
< HTTP/1.1 403 User ambari-qa is unauthorized to access this page.
< Content-Type: text/html; charset=iso-8859-1
< Set-Cookie: hadoop.auth="u=ambari-qa&p=ambari-qa-testme@IBM.COM&t=kerberos&e=1461979860144&s=oXW3iQyX0/SAWxup9pngeyNSGO4="; Path=/; Domain=svl.ibm.com; Expires=Sat, 30-Apr-2016 01:31:00 GMT; HttpOnly



id ambari-qa
uid=1006(ambari-qa) gid=502(hadoop) groups=502(hadoop),100(users)


All super user/proxy set to *

Any reason why /logs/ are not accessible? Can that be set in configuration?

BTW if I run the request as hdfs user it succeeds so hdfs service user has
authorization.

This is confusing some users since they expect access for hadoop UI /logs/
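
Added example, not part of the original message: a triage helper that reads the response headers from the trace above and separates an authentication failure from an authorization failure. It relies on Hadoop's authentication filter issuing the signed `hadoop.auth` cookie only after authentication succeeds; the function names and the wording of the verdicts are assumptions made for this illustration.

```python
import re
from datetime import datetime, timezone

# Response headers from the trace above, curl's "< " prefix stripped and the
# wrapped Set-Cookie line rejoined.
SAMPLE_RESPONSE = (
    "HTTP/1.1 403 User ambari-qa is unauthorized to access this page.\n"
    "Content-Type: text/html; charset=iso-8859-1\n"
    'Set-Cookie: hadoop.auth="u=ambari-qa&p=ambari-qa-testme@IBM.COM&t=kerberos'
    '&e=1461979860144&s=oXW3iQyX0/SAWxup9pngeyNSGO4="; Path=/; '
    "Domain=svl.ibm.com; Expires=Sat, 30-Apr-2016 01:31:00 GMT; HttpOnly\n"
)

def parse_hadoop_auth(response):
    """Return the hadoop.auth cookie fields, or None if no token was issued."""
    m = re.search(r'^Set-Cookie:\s*hadoop\.auth="?([^";]*)', response, re.M | re.I)
    if not m or not m.group(1):
        return None  # header absent, or present with an empty value
    # The signature is appended as "&s=..." and may itself contain "=".
    token, _, signature = m.group(1).partition("&s=")
    fields = dict(kv.partition("=")[::2] for kv in token.split("&"))
    fields["s"] = signature
    # "e" is the token expiry in milliseconds since the epoch.
    fields["expires"] = datetime.fromtimestamp(int(fields["e"]) // 1000, tz=timezone.utc)
    return fields

def triage(response):
    """Classify an access failure from the status line and the auth cookie."""
    status = int(response.split()[1])
    cookie = parse_hadoop_auth(response)
    if status == 401:
        return "authentication: SPNEGO handshake not completed"
    if status == 403 and cookie:
        return ("authorization: %s authenticated via %s as %s but is denied this path"
                % (cookie["p"], cookie["t"], cookie["u"]))
    if status == 403:
        return "forbidden: no auth token was issued with the response"
    return "status %d: not an access failure" % status

if __name__ == "__main__":
    print(triage(SAMPLE_RESPONSE))
    print(parse_hadoop_auth(SAMPLE_RESPONSE)["expires"].isoformat())
```

For this trace the verdict is an authorization failure: the Kerberos login was accepted and mapped to `ambari-qa`, and the decoded token expiry equals the cookie's `Expires` attribute.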
