hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arun Suresh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-5796) The file system browser in the namenode UI requires SPNEGO.
Date Thu, 12 Mar 2015 16:35:39 GMT

    [ https://issues.apache.org/jira/browse/HDFS-5796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14358930#comment-14358930
] 

Arun Suresh commented on HDFS-5796:
-----------------------------------

[~aw], I just updated HADOOP-11702 to remove the file reading logic from {{AuthenticationFilterInitializer}}.
This is not required as the {{AuthenticationFilter}} that it adds already instantiates the
{{StringSignerSecretProvider}} that will read the file.

bq. ..we can use the SignerSecretProvider without breaking backward compatibility since it
uses a different configuration property.
Think im missing something.. why do you say it uses a different property ?

> The file system browser in the namenode UI requires SPNEGO.
> -----------------------------------------------------------
>
>                 Key: HDFS-5796
>                 URL: https://issues.apache.org/jira/browse/HDFS-5796
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 2.5.0
>            Reporter: Kihwal Lee
>            Assignee: Ryan Sasson
>            Priority: Blocker
>         Attachments: HDFS-5796.1.patch, HDFS-5796.1.patch, HDFS-5796.2.patch, HDFS-5796.3.patch,
HDFS-5796.3.patch, HDFS-5796.4.patch
>
>
> After HDFS-5382, the browser makes webhdfs REST calls directly, requiring SPNEGO to work
between user's browser and namenode.  This won't work if the cluster's security infrastructure
is isolated from the regular network.  Moreover, SPNEGO is not supposed to be required for
user-facing web pages.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message