hadoop-hdfs-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Larry McCay III <lmc...@hortonworks.com>
Subject Re: Am I understanding right?
Date Tue, 24 Nov 2015 05:14:58 GMT
Hi Jingfei -

Once you kerberize your cluster, you will generally need to be able to authenticate to KDC
that is either shared with cluster or some sort of cross domain trust is established between
the two KDC’s.
You might considering using Apache Knox to authenticate an external client to Knox via LDAP
or some other mechanism and Knox will take care of the strong authentication required to access
secured Hadoop resources.

You may access a file in HDFS this way with curl using HTTP basic auth against LDAP for example:

curl -ivku username:password -X GET https://host:port/gateway/sandbox/webhdfs/v1/tmp/filename?op=OPEN

Direct access to webhdfs will be difficult from your desktop.

Hope that helps,

—larry

On Nov 23, 2015, at 8:44 PM, Jingfei Hu <jingfei_hu@hotmail.com<mailto:jingfei_hu@hotmail.com>>
wrote:

Anyone?

From: Jingfei Hu [mailto:jingfei.hu@gmail.com]
Sent: Monday, November 23, 2015 6:26 PM
To: user@hadoop.apache.org<mailto:user@hadoop.apache.org>
Cc: jingfei_hu@hotmail.com<mailto:jingfei_hu@hotmail.com>
Subject: Am I understanding right?

Hi team,
I have some trouble to access a HDFS enabled with Kerberos using webhdfs protocol. The Hadoop
deployment is using HDP sandbox in Windows Azure, (just one node). I tried several things.
1.       Enable the Kerberos according to the wizard
a.       I can access the hdfs file using webhdfs in that node with correct Kerberos user
name and password. (I am using curl –negotiate …)
b.       But I can’t access the hdfs file outside of the hdfs cluster, say a windows 10
client in our corp network.
2.       Enabled the Kerberos and connect it with a LDAP
a.       I can access the hdfs file using webhdfs in that node with correct Kerberos user
name and password. (I am using curl –negotiate …)
b.       I can access the hdfs file using webhdfs in a machine within the domain which is
connected with the KDC using the KDC user name and password
c.       I can access the hdfs file using webhdfs in a machine within the domain which is
connected with the KDC using the domain account and password
So my question is will 1.b work in any circumstances? Or it’s not working by design?

Thanks,
Jingfei


Mime
View raw message