Repository: storm Updated Branches: refs/heads/STORM-633 [created] 5b68f5409
STORM-633. Nimbus - HTTP Error 413 full HEAD if using kerberos authentication. Project: http://git-wip-us.apache.org/repos/asf/storm/repo Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/ef853872 Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/ef853872 Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/ef853872 Branch: refs/heads/STORM-633 Commit: ef85387299e48051abe2434a58adbd74376190e0 Parents: 90561ba Author: Sriharsha Chintalapani <[email protected]> Authored: Thu Jan 22 15:04:35 2015 -0800 Committer: Sriharsha Chintalapani <[email protected]> Committed: Thu Jan 22 15:04:35 2015 -0800 ---------------------------------------------------------------------- SECURITY.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/storm/blob/ef853872/SECURITY.md ---------------------------------------------------------------------- diff --git a/SECURITY.md b/SECURITY.md index b9f81d0..0a4c405 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -71,9 +71,11 @@ Once configured users needs to do kinit before accessing UI. Ex: curl -i --negotiate -u:anyUser -b ~/cookiejar.txt -c ~/cookiejar.txt http://storm-ui-hostname:8080/api/v1/cluster/summary -1) Firefox: Goto about:config and search for network.negotiate-auth.trusted-uris double-click to add value "http://storm-ui-hostname:8080" -2) Google-chrome: start from command line with: google-chrome --auth-server-whitelist="*storm-ui-hostname" --auth-negotiate-delegate-whitelist="*storm-ui-hostname" -3) IE: Configure trusted websites to include "storm-ui-hostname" and allow negotiation for that website +1. Firefox: Goto about:config and search for network.negotiate-auth.trusted-uris double-click to add value "http://storm-ui-hostname:8080" +2. Google-chrome: start from command line with: google-chrome --auth-server-whitelist="*storm-ui-hostname" --auth-negotiate-delegate-whitelist="*storm-ui-hostname" +3. IE: Configure trusted websites to include "storm-ui-hostname" and allow negotiation for that website + +**Caution**: In AD MIT Keberos setup the key size is bigger than the default UI jetty server request header size. Make sure you set ui.header.buffer.bytes to 65536 in storm.yaml. More details are on [STORM-633](https://issues.apache.org/jira/browse/STORM-633) ## Authentication (Kerberos)
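Review bot: the added **Caution** line in SECURITY.md misspells Kerberos as "Keberos", and "In AD MIT Keberos setup the key size is bigger than the default UI jetty server request header size" is hard to parse. It is unclear whether "AD MIT" means AD, MIT, or both, and what exceeds the header buffer is the Negotiate token sent in the request header, not a key. Suggest rewording along the lines of "With AD or MIT Kerberos the Negotiate token can exceed the default request header size of the UI's Jetty server (HTTP 413 full HEAD)", so that a reader who hits the error named in the commit title can find this note by searching for it. It would also help to show the setting as it appears in storm.yaml, `ui.header.buffer.bytes: 65536`, and to say whether 65536 is a required value or a suggested minimum. Minor, since the list lines are being touched anyway: "Goto" in the Firefox item should be "Go to".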
