hadoop-hdfs-issues mailing list archives

From "Benoy Antony (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-5661) Browsing FileSystem via web ui, should use datanode's hostname instead of ip address
Date Mon, 16 Dec 2013 17:47:07 GMT

    [ https://issues.apache.org/jira/browse/HDFS-5661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13849381#comment-13849381 ]

Benoy Antony commented on HDFS-5661:
------------------------------------

DelegationToken is used to access Namenode.

Here is the sequence:
# NN generates DT and puts the DT into the redirect URL
# DN receives the redirect request. The AuthenticationFilter authenticates using "hadoop.auth" cookie if available.
# JSPs on the datanode server (i.e., tail / browseBlock / browseDirectory) access the NN using DelegationToken obtained as a URL parameter.

For step 2 to work, the uri should have FQDN and the FQDN should be suffixed with "hadoop.http.authentication.cookie.domain".
One can verify the above by reviewing the code and testing it.

Usage of IP address (introduced in HDFS-5307) broke the file browsing when security is turned on.
What's the argument against using FQDN instead of IP address?
A hostname is always ensured during DN registration and the attached patch uses it.







> Browsing FileSystem via web ui, should use datanode's hostname instead of ip address
> ------------------------------------------------------------------------------------
>
>                 Key: HDFS-5661
>                 URL: https://issues.apache.org/jira/browse/HDFS-5661
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 2.2.0
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>         Attachments: HDFS-5661.patch
>
>
> If authentication is enabled on the web ui, then a cookie is used to keep track of the authentication information. There is normally a domain associated with the cookie. Since ip address doesn't have any domain, the cookie will not be sent by the browser while making http calls with ip address as the destination server.
> This will break browsing file system via web ui, if authentication is enabled.
> Browsing FileSystem via web ui, should use datanode's hostname instead of ip address.




--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
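
The cookie behaviour described in this message, as an added example that is not part of the original message or the HDFS-5661 patch: a sketch of the RFC 6265 domain-match rule a browser applies before attaching a domain-scoped cookie such as "hadoop.auth". The host names, IP address, port and cookie domain below are constructed sample values.

```python
import ipaddress
from urllib.parse import urlsplit


def is_ip_literal(host: str) -> bool:
    """True if host is an IPv4 or IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def domain_match(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: does request_host match the cookie's domain?"""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".")
    if host == domain:
        return True
    # Suffix matching applies to host names only, never to IP addresses.
    if is_ip_literal(host):
        return False
    # The suffix must start at a label boundary ("." before the domain).
    return host.endswith("." + domain)


def cookie_sent(url: str, cookie_domain: str) -> bool:
    """Would a browser attach a cookie scoped to cookie_domain to this URL?"""
    host = urlsplit(url).hostname or ""
    return domain_match(host, cookie_domain)


# Constructed value standing in for hadoop.http.authentication.cookie.domain.
COOKIE_DOMAIN = ".example.com"

# Constructed redirect targets: the same datanode by FQDN and by IP address.
REDIRECT_BY_FQDN = "http://dn1.example.com:50075/browseDirectory.jsp?dir=/"
REDIRECT_BY_IP = "http://10.0.0.21:50075/browseDirectory.jsp?dir=/"

if __name__ == "__main__":
    for url in (REDIRECT_BY_FQDN, REDIRECT_BY_IP):
        state = "sent" if cookie_sent(url, COOKIE_DOMAIN) else "NOT sent"
        print(f"{url}: cookie {state}")
```
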
