hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arun Suresh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-5796) The file system browser in the namenode UI requires SPNEGO.
Date Thu, 20 Nov 2014 21:44:34 GMT

    [ https://issues.apache.org/jira/browse/HDFS-5796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14220063#comment-14220063

Arun Suresh commented on HDFS-5796:

[~benoyantony], Thanks for the pointer to HADOOP-10709

>From what I understand after going thru the patch, it looks like you have a _TokenAuthFIlter_
that SKIPs authentication if it finds a DelegationToken in the request attribute. But for
the delegation token to be there in the first place, it would require the user to be get authenticated
atleast once (the first time).. which is the problem I was trying to solve...

Basically, I was trying to bring the current NN Web UI to user experience parity prior to
HDFS-5382. Correct me if I am wrong, but prior to that, even on a secure cluster, Web UI access
was basically un-authenticated (as _dr.who_ always).. 

> The file system browser in the namenode UI requires SPNEGO.
> -----------------------------------------------------------
>                 Key: HDFS-5796
>                 URL: https://issues.apache.org/jira/browse/HDFS-5796
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 2.5.0
>            Reporter: Kihwal Lee
>            Assignee: Arun Suresh
>         Attachments: HDFS-5796.1.patch, HDFS-5796.1.patch
> After HDFS-5382, the browser makes webhdfs REST calls directly, requiring SPNEGO to work
between user's browser and namenode.  This won't work if the cluster's security infrastructure
is isolated from the regular network.  Moreover, SPNEGO is not supposed to be required for
user-facing web pages.

This message was sent by Atlassian JIRA

View raw message