hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "narayana b (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-5108) hadoop 1.2.1 spengo HTTP web console access issue
Date Mon, 19 Aug 2013 05:18:48 GMT

     [ https://issues.apache.org/jira/browse/HDFS-5108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

narayana b updated HDFS-5108:
-----------------------------

    Environment: 
CentOS 6.3 32 bit, jdk1.6_u45, 
installed: kerberos5-1.10 server, client



  was:
CentOS 6.3 32 bit, jdk1.6_u45, kerberos5-1.10 server



    
> hadoop 1.2.1 spengo HTTP web console access issue
> -------------------------------------------------
>
>                 Key: HDFS-5108
>                 URL: https://issues.apache.org/jira/browse/HDFS-5108
>             Project: Hadoop HDFS
>          Issue Type: Bug
>         Environment: CentOS 6.3 32 bit, jdk1.6_u45, 
> installed: kerberos5-1.10 server, client
>            Reporter: narayana b
>
> Hi Good Morning,
> 1) i created kerberos DB, realm and able to test properly
>    
>    added valid principals, key tab files generated using kadmin, signature created using
udev/random
>    I replaced latest jce libs from oracle to support sha1-96...
>    $ kinit
>    $ klist
> 2) i followed this link and configured appropriate
>      http://hadoop.apache.org/docs/stable/HttpAuthentication.html
> core-site.xml
> <!-- HTTP web-consoles Authentication -->
>   <property>
>     <name>hadoop.http.filter.initializers</name>
>     <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.type</name>
>     <value>kerberos</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.token.validity</name>
>     <value>36000</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.signature.secret.file</name>
>     <value>/opt/software/hadoop-1.2.1/conf/security/http-secret-file</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.cookie.domain</name>
>     <value></value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.simple.anonymous.allowed</name>
>     <value>false</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.kerberos.principal</name>
>     <value>HTTP/localhost@NARAYANA.LOCAL</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.kerberos.keytab</name>
>     <value>/opt/software/hadoop-1.2.1/conf/security/mergedKT.keytab</value>
>   </property>
> </configuration>
> 3)I have tested kerberos spengo http to namenode, jobnode on 
>    single cluster environment but failed to access web consoles
>    On browser: about:config then added negotiate-uri to localhost
>    On browser : http://localhost:50070 
>    Result: on browser....  index.html 401 error
> 4) curl -v -u hadoopA --negotiate http://localhost:50070 - works well

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message