hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benoy Antony (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4794) Browsing filesystem via webui throws kerberos exception when NN service RPC is enabled in a secure cluster
Date Mon, 15 Jul 2013 20:30:49 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13708933#comment-13708933
] 

Benoy Antony commented on HDFS-4794:
------------------------------------

This variable is used only in JSPs.

Please note that the change is not going to break any functionality. Instead of using the
service RPC address, we are using RPC address for the webui access.  This is in line with
the Hadoop 2.0 approach. It has been working fine in our clusters for last 3 months. 

The change is pretty simple.
If a cluster is using service RPC address, namenode address in JSPS is set to RPC address.

If a cluster is not using service RPC address, there is no change.

Adding a new variable simply causes more changes for no real reason and is not tested by us.
                
> Browsing filesystem via webui throws kerberos exception when NN service RPC is enabled
in a secure cluster
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-4794
>                 URL: https://issues.apache.org/jira/browse/HDFS-4794
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.1.2
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>         Attachments: HDFS-4794.patch
>
>
> Browsing filesystem via webui throws kerberos exception when NN service RPC is enabled
in a secure cluster
> To reproduce this error, 
> Enable security 
> Enable serviceRPC by setting dfs.namenode.servicerpc-address and use a different port
than the rpc port.
> Click on "Browse the filesystem" on NameNode web.
> The following error will be shown :
> Call to NN001/12.123.123.01:8030 failed on local exception: java.io.IOException: javax.security.sasl.SaslException:
GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level:
Failed to find any Kerberos tgt)]

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message