[
https://issues.apache.org/jira/browse/HADOOP-7119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13086876#comment-13086876
]
Aaron T. Myers commented on HADOOP-7119:
----------------------------------------
Patch looks pretty good, Alejandro. I think it's very close to being able to be
committed.
Awesome that you included tests which work if a Kerberos environment is
available. Thanks for doing that. I ran all the tests (with and without
Kerberos present) and they all passed. I also ran all of the maven goals and
they all worked flawlessly. I also reviewed all of the code (though none of the
code to build the project). The following are the comments from that review:
# In KerberosAuthenticationHandler.authenticate, you determine the user's name
by always taking the first component of the fully Kerberos principal name.
Hadoop (and MIT Kerberos) allow for one to configure arbitrary rules to perform
this mapping. In order to be compatible with Hadoop in this respect, I would
think that Alfredo would also need to perform this mapping.
# README.txt has a few errors (documentation location, user mailing list.)
# Typo in BuildingIt.apt.vm: "can be used to change de default"
# In BuildingIt.apt.vm, you seem to indicate that if one changes the default
values for alfredo.test.ker
beros.server.principal or alfredo.test.kerberos.client.principal that one must
include the realm part of
the principal name. In fact, doing so will cause the tests to fail.
# In all of the documentation you include the author's name. The Hadoop
projects deliberately do not inc
lude author tags in the source.
While I was going through the code I found a number of little things (typos
mostly, and style stuff) that could use clean-up. I'll attach a patch shortly
which should be applied on top of HADOOP-7119v4.patch. This seemed like the
easiest way for you to review those changes.
> add Kerberos HTTP SPNEGO authentication support to Hadoop JT/NN/DN/TT
> web-consoles
> ----------------------------------------------------------------------------------
>
> Key: HADOOP-7119
> URL: https://issues.apache.org/jira/browse/HADOOP-7119
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 0.23.0
> Environment: all
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Attachments: HADOOP-7119v3.patch, HADOOP-7119v4-amendment.patch,
> HADOOP-7119v4.patch, ha-common-01.patch, ha-common-02.patch, ha-commons.patch
>
>
> Currently the JT/NN/DN/TT web-consoles don't support any form of
> authentication.
> Hadoop RPC API already supports Kerberos authentication.
> Kerberos enables single sign-on.
> Popular browsers (Firefox and Internet Explorer) have support for Kerberos
> HTTP SPNEGO.
> Adding support for Kerberos HTTP SPNEGO to Hadoop web consoles would provide
> a unified authentication mechanism and single sign-on for Hadoop web UI and
> Hadoop RPC.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
