hadoop-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Nauroth <cnaur...@hortonworks.com>
Subject Re: Authentication for hdfs web interface
Date Sat, 28 Nov 2015 23:04:32 GMT
Hello Francis,

Your configuration was very close to correct, but the
hadoop.http.filter.initializers property needs to be set to the name of a
filter initializer class, not the filter itself.  Use this in
core-site.xml:

<property>
  <name>hadoop.http.filter.initializers</name>
  <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
  </property>


There are more details in the HTTP Authentication section of the Apache
Hadoop documentation:

http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/Htt
pAuthentication.html


--Chris Nauroth




On 11/25/15, 7:48 AM, "Francis Dupin" <francis.dupin@ifsttar.fr> wrote:

>Hi all,
>
>I would like to secure the web browser access to hdfs interface.
>
>I have installed kerberos (working fine)
>
>Then I have modified in my hadoop dist (binarie downloaded from apache
>site) :
>${HADOOP}/share/hadoop/hdfs/webapps/hdfs/WEB-INF/web.xml
>
>adding :
>
>
>  <filter>
>         <filter-name>kerberosFilter</filter-name>
><filter-class>org.apache.hadoop.security.authentication.server.Authenticat
>ionFilter</filter-class>
>         <init-param>
>             <param-name>type</param-name>
>             <param-value>kerberos</param-value>
>         </init-param>
>         <init-param>
>             <param-name>token.validity</param-name>
>             <param-value>3600</param-value>
>         </init-param>
>         <init-param>
>             <param-name>cookie.domain</param-name>
>             <param-value>.mv</param-value>
>         </init-param>
>         <init-param>
>             <param-name>cookie.path</param-name>
>             <param-value>/</param-value>
>         </init-param>
>         <init-param>
>             <param-name>kerberos.principal</param-name>
>             <param-value>HTTP/mv05@MV</param-value>
>         </init-param>
>         <init-param>
>             <param-name>kerberos.keytab</param-name>
><param-value>/etc/krb5kdc/kadm5.keytab</param-value>
>         </init-param>
>     </filter>
>
>     <filter-mapping>
>         <filter-name>kerberosFilter</filter-name>
>         <url-pattern>/kerberos/*</url-pattern>
>     </filter-mapping>
>
>where HTTP/mv05@MV and .mv are my own parameters
>
>
>1 - In the documentation,
>-------------------------------------
>http://hadoop.apache.org/docs/current/hadoop-auth/Configuration.html
>
>it is written
><filter-class>org.apache.hadoop.security.auth.server.AuthenticationFilter<
>/filter-class>
>but the class is not found.
>
>I have replaced by
><filter-class>org.apache.hadoop.security.auth.server.AuthenticationFilter<
>/filter-class>
>
>
>2 - In core-site.xml, I have added :
>---------------------------------------------
>
><property>
>   <name>hadoop.http.filter.initializers</name>
><value>org.apache.hadoop.http.lib.StaticUserWebFilter,org.apache.hadoop.se
>curity.authentication.server.AuthenticationFilter
></value>
></property>
>
>
>When I launch the nodename, I have this error :
>
>java.lang.ClassCastException:
>org.apache.hadoop.security.authentication.server.AuthenticationFilter
>cannot be cast to org.apache.hadoop.http.FilterInitializer
>
>
>Any idea to solve that ?
>
>Thank you to all in advance.
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@hadoop.apache.org
>For additional commands, e-mail: user-help@hadoop.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@hadoop.apache.org
For additional commands, e-mail: user-help@hadoop.apache.org


Mime
View raw message