hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-5854) WebHDFS file browsing not working on secure cluster -or displaying meaningful errors
Date Thu, 30 Jan 2014 15:26:12 GMT

    [ https://issues.apache.org/jira/browse/HDFS-5854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13886657#comment-13886657

Daryn Sharp commented on HDFS-5854:

Sidenote, one of the spnego patches I have available for webhdfs's http protocol violations
will cause the body to contain "Authentication required".  I do find it humorous that it currently
appears to blame Jetty itself. :)

I'm not disagreeing with the fallback because it doesn't make sense for the NN UI to depend
on an optional service.  I've been a bit dismayed about the direct reliance on webhdfs http
calls because it's problematic when the NN UI is protected by a custom non-spnego auth filter
- in our case and probably yours because desktop clients aren't configured to do spnego. 
Yet the UI references URL's that require spnego which the client cannot do.

Perhaps the NN should be internally invoking the servlets to get the response direct webhdfs
calls would return.  That retains the cool new UI and allows flexibility for authentication.

> WebHDFS file browsing not working on secure cluster -or displaying meaningful errors
> ------------------------------------------------------------------------------------
>                 Key: HDFS-5854
>                 URL: https://issues.apache.org/jira/browse/HDFS-5854
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: webhdfs
>    Affects Versions: 2.4.0
>         Environment: linux, kerberized 2.4.0 snapshot, commit #941ce6a
>            Reporter: Steve Loughran
>         Attachments: Screen Shot 2014-01-30 at 10.16.45.png
> webhdfs is on by default and the new NN status UI is coming up (after setting the {{
'dfs.web.authentication.kerberos.principal}} property -but the FS browser failing with error
code 401 -unauth. 
> That's inevitably security related -somehow.  But
> # the principal is set -or does httpfs-site.xml need to be filled in too?
> # if it is invalid, then some statement in the GUI should be provided

This message was sent by Atlassian JIRA

View raw message