Date: Wed, 11 Sep 2013 13:16:53 +0530
Subject: hadoop web UI security
From: Visioner Sadak
To: user@hadoop.apache.org

Hello friends,

I'm using the configuration below to hide the Hadoop web UI. The problem is that when I access

http://192.34.8.8:50070/

it works properly and blocks access, but when I use

http://192.34.8.8:50070/dfshealth.jsp?user.name=blahblahh (any username)......

it fails and allows access. Even if I set my signature username as hadoopuser, it's allowing access for any username.

<property>
  <name>hadoop.http.filter.initializers</name>
  <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
</property>

<property>
  <name>hadoop.http.authentication.type</name>
  <value>simple</value>
</property>

<property>
  <name>hadoop.http.authentication.token.validity</name>
  <value>60</value>
</property>

<property>
  <name>hadoop.http.authentication.signature.secret.file</name>
  <value>/home/hadoop/hadoop-0.23.3/conf/security/username</value>
</property>

<property>
  <name>hadoop.http.authentication.cookie.domain</name>
  <value></value>
</property>

<property>
  <name>hadoop.http.authentication.simple.anonymous.allowed</name>
  <value>false</value>
</property>
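Background for the behaviour described in the message, as an added example that is not part of the original post or of Hadoop's own code: with hadoop.http.authentication.type set to simple, the filter takes the identity from the user.name query parameter without verifying it, and the signature secret file only holds the key that signs the resulting cookie. The Python audit below flags that setting in a *-site.xml file; the function names and severity labels are this example's own, and the sample wraps four of the posted properties in an assumed <configuration> root.

```python
import xml.etree.ElementTree as ET

P = "hadoop.http.authentication."
AUTH_FILTER = "org.apache.hadoop.security.AuthenticationFilterInitializer"

# Constructed sample: four of the posted properties, wrapped in a <configuration> root.
POSTED = f"""<configuration>
<property><name>hadoop.http.filter.initializers</name><value>{AUTH_FILTER}</value></property>
<property><name>{P}type</name><value>simple</value></property>
<property><name>{P}signature.secret.file</name>
  <value>/home/hadoop/hadoop-0.23.3/conf/security/username</value></property>
<property><name>{P}simple.anonymous.allowed</name><value>false</value></property>
</configuration>"""

def load_properties(xml_text):
    """Return {name: value} for every <property> in a Hadoop *-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit_http_auth(xml_text):
    """Return (severity, message) findings for the web UI authentication settings."""
    props = load_properties(xml_text)
    filters = [f.strip() for f in props.get("hadoop.http.filter.initializers", "").split(",")]
    if AUTH_FILTER not in filters:
        return [("HIGH", "AuthenticationFilterInitializer is not in hadoop.http.filter.initializers")]
    findings = []
    auth_type = props.get(P + "type", "simple")  # documented default is "simple"
    if auth_type == "simple":
        findings.append(("HIGH", "type=simple accepts whatever user.name the client sends"))
        if props.get(P + "simple.anonymous.allowed", "true").lower() == "false":
            findings.append(("INFO", "anonymous.allowed=false only rejects requests with no user.name"))
        if P + "signature.secret.file" in props:
            findings.append(("INFO", "signature.secret.file holds the cookie-signing key, not a login name"))
    elif auth_type == "kerberos":
        for key in ("kerberos.principal", "kerberos.keytab"):
            if not props.get(P + key):
                findings.append(("WARN", f"{P}{key} not set explicitly; the built-in default applies"))
    else:
        findings.append(("INFO", f"custom handler class {auth_type}: review it separately"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_http_auth(POSTED):
        print(f"{severity:5} {message}")
```

Per the Hadoop documentation, setting the type to kerberos makes the web consoles require SPNEGO authentication instead of a client-supplied name.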