Return-Path: X-Original-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0937010BE4 for ; Wed, 21 Aug 2013 02:23:52 +0000 (UTC) Received: (qmail 78848 invoked by uid 500); 21 Aug 2013 02:23:51 -0000 Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org Received: (qmail 78817 invoked by uid 500); 21 Aug 2013 02:23:51 -0000 Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-issues@hadoop.apache.org Delivered-To: mailing list hdfs-issues@hadoop.apache.org Received: (qmail 78808 invoked by uid 99); 21 Aug 2013 02:23:51 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 21 Aug 2013 02:23:51 +0000 Date: Wed, 21 Aug 2013 02:23:51 +0000 (UTC) From: "narayana b (JIRA)" To: hdfs-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HDFS-5108) hadoop 1.2.1 spengo HTTP web console access issue MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HDFS-5108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13745727#comment-13745727 ] narayana b commented on HDFS-5108: ---------------------------------- Hi, Hope you gone through the steps thoroughly step3 says in my question : network.negotiate-auth.trusted-uris , i have done it but still failing to access http://localhost:50070 i verified namenode logs it say spengo login successful... but when i try to access it fails....... & logs 401 message please help me if there which im missing? > hadoop 1.2.1 spengo HTTP web console access issue > ------------------------------------------------- > > Key: HDFS-5108 > URL: https://issues.apache.org/jira/browse/HDFS-5108 > Project: Hadoop HDFS > Issue Type: Bug > Environment: CentOS 6.4 32 bit, jdk1.6_u45, > installed: kerberos5-1.10 server, client > Reporter: narayana b > > Hi Good Morning, > 1) i created kerberos DB, realm and able to test properly > > added valid principals, key tab files generated using kadmin, signature created using udev/random > I replaced latest jce libs from oracle to support sha1-96... > $ kinit > $ klist > 2) i followed this link and configured appropriate > http://hadoop.apache.org/docs/stable/HttpAuthentication.html > core-site.xml > > > hadoop.http.filter.initializers > org.apache.hadoop.security.AuthenticationFilterInitializer > > > hadoop.http.authentication.type > kerberos > > > hadoop.http.authentication.token.validity > 36000 > > > hadoop.http.authentication.signature.secret.file > /opt/software/hadoop-1.2.1/conf/security/http-secret-file > > > hadoop.http.authentication.cookie.domain > > > > hadoop.http.authentication.simple.anonymous.allowed > false > > > hadoop.http.authentication.kerberos.principal > HTTP/localhost@NARAYANA.LOCAL > > > hadoop.http.authentication.kerberos.keytab > /opt/software/hadoop-1.2.1/conf/security/mergedKT.keytab > > > 3)I have tested kerberos spengo http to namenode, jobnode on > single cluster environment but failed to access web consoles > On browser: about:config then added negotiate-uri to localhost > On browser : http://localhost:50070 > Result: on browser.... index.html 401 error > 4) curl -v -u hadoopA --negotiate http://localhost:50070 - works well -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira