Yuanbo Liu created HADOOP-13707:

             Summary: If kerberos is enabled while HTTP SPNEGO is not 
configured, some links cannot be accessed
                 Key: HADOOP-13707
                 URL: https://issues.apache.org/jira/browse/HADOOP-13707
             Project: Hadoop Common
          Issue Type: Bug
            Reporter: Yuanbo Liu

In {{HttpServer2#hasAdministratorAccess}}, it uses 
`hadoop.security.authorization` to detect whether HTTP is authenticated.
It's not correct, because enabling Kerberos and HTTP SPNEGO are two steps. If 
Kerberos is enabled while HTTP SPNEGO is not, some links cannot be accessed, 
such as "/logs", and it will return error message as below:
Problem accessing /logs/. Reason:
User dr.who is unauthorized to access this page.

We should use {{adoop.http.authentication.type}} instead of 
{{hadoop.security.authorization}} to detect whether HTTP authentication is 
enabled, if the value of  {{adoop.http.authentication.type}}  equals `simple`, 
anybody has administrator access.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org

Reply via email to