[ https://issues.apache.org/jira/browse/HADOOP-16366?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Prabhu Joseph updated HADOOP-16366: ----------------------------------- Description: YARNUIV2 fails with "Request is a replay attack" when below settings configured. {code:java} hadoop.security.authentication = kerberos hadoop.http.authentication.type = kerberos hadoop.http.filter.initializers = org.apache.hadoop.security.AuthenticationFilterInitializer yarn.resourcemanager.webapp.delegation-token-auth-filter.enabled = false{code} AuthenticationFilter is added twice by the Yarn UI2 Context causing the issue. {code:java} 2019-06-12 11:59:43,900 INFO webapp.RMWebAppUtil (RMWebAppUtil.java:addFiltersForUI2Context(483)) - UI2 context filter Name:authentication, className=org.apache.hadoop.security.authentication.server.AuthenticationFilter 2019-06-12 11:59:43,900 INFO webapp.RMWebAppUtil (RMWebAppUtil.java:addFiltersForUI2Context(483)) - UI2 context filter Name:authentication, className=org.apache.hadoop.security.authentication.server.AuthenticationFilter {code} Another issue with {{TimelineReaderServer}} which ignores {{ProxyUserAuthenticationFilterInitializer}} when {{hadoop.http.filter.initializers}} is configured. was: YARNUIV2 fails with "Request is a replay attack" when below settings configured. {code:java} hadoop.security.authentication = kerberos hadoop.http.authentication.type = kerberos hadoop.http.filter.initializers = org.apache.hadoop.security.AuthenticationFilterInitializer yarn.resourcemanager.webapp.delegation-token-auth-filter.enabled = false{code} AuthenticationFilter is added twice by the Yarn UI2 Context causing the issue. {code:java} 2019-06-12 11:59:43,900 INFO webapp.RMWebAppUtil (RMWebAppUtil.java:addFiltersForUI2Context(483)) - UI2 context filter Name:authentication, className=org.apache.hadoop.security.authentication.server.AuthenticationFilter 2019-06-12 11:59:43,900 INFO webapp.RMWebAppUtil (RMWebAppUtil.java:addFiltersForUI2Context(483)) - UI2 context filter Name:authentication, className=org.apache.hadoop.security.authentication.server.AuthenticationFilter {code} {{TimelineReaderServer}} ignores {{ProxyUserAuthenticationFilterInitializer}} when {{hadoop.http.filter.initializers}} is configured. > YARNUIV2 fails with "Request is a replay attack" > ------------------------------------------------ > > Key: HADOOP-16366 > URL: https://issues.apache.org/jira/browse/HADOOP-16366 > Project: Hadoop Common > Issue Type: Sub-task > Components: security > Affects Versions: 3.3.0 > Reporter: Prabhu Joseph > Assignee: Prabhu Joseph > Priority: Major > > YARNUIV2 fails with "Request is a replay attack" when below settings > configured. > {code:java} > hadoop.security.authentication = kerberos > hadoop.http.authentication.type = kerberos > hadoop.http.filter.initializers = > org.apache.hadoop.security.AuthenticationFilterInitializer > yarn.resourcemanager.webapp.delegation-token-auth-filter.enabled = false{code} > > AuthenticationFilter is added twice by the Yarn UI2 Context causing the > issue. > {code:java} > 2019-06-12 11:59:43,900 INFO webapp.RMWebAppUtil > (RMWebAppUtil.java:addFiltersForUI2Context(483)) - UI2 context filter > Name:authentication, > className=org.apache.hadoop.security.authentication.server.AuthenticationFilter > 2019-06-12 11:59:43,900 INFO webapp.RMWebAppUtil > (RMWebAppUtil.java:addFiltersForUI2Context(483)) - UI2 context filter > Name:authentication, > className=org.apache.hadoop.security.authentication.server.AuthenticationFilter > {code} > Another issue with {{TimelineReaderServer}} which ignores > {{ProxyUserAuthenticationFilterInitializer}} when > {{hadoop.http.filter.initializers}} is configured. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org