[jira] [Commented] (HADOOP-7119) add Kerberos HTTP SPNEGO authentication support to Hadoop JT/NN/DN/TT web-consoles

Fri, 09 Sep 2011 13:52:33 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-7119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13101553#comment-13101553
 ] 

Aaron T. Myers commented on HADOOP-7119:
----------------------------------------

bq. Regarding the missing testcases, those are the Kerberos ones, a KDC setup 
is required to run them, ideally we should have them in, but if pressed with 
time I think is OK to commit as it is (exact working code from trunk) and open 
a JIRA to add them before the next maintenance release of the 2xx branch. Or, 
for the 205 release add the Kerberos testcases to the exclude list in the build.

It seems fine to me to do that as a follow-up JIRA. Could someone please file 
that?

bq. What is missing are the docs (changes to the xdocs/site.xml and the new 
hadoop-xdocs/HttpAuthentication.xml file), I think those should go in.

Agreed.

I should also mention that Alejandro and I tested this patch manually yesterday 
(with the addition of AuthenticationFilterInitializer) and it worked like a 
charm, both from curl and in Firefox. So, +1 for the back-port once the above 
are addressed.

> add Kerberos HTTP SPNEGO authentication support to Hadoop JT/NN/DN/TT 
> web-consoles
> ----------------------------------------------------------------------------------
>
>                 Key: HADOOP-7119
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7119
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 0.23.0
>         Environment: all
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>             Fix For: 0.20.205.0, 0.23.0
>
>         Attachments: HADOOP-7119v3.patch, HADOOP-7119v4-amendment.patch, 
> HADOOP-7119v4.patch, HADOOP-7119v5.patch, HADOOP-7119v6.patch, 
> ha-common-01.patch, ha-common-02.patch, ha-commons.patch, 
> spnego-20-security.patch, spnego-20-security2.patch
>
>
> Currently the JT/NN/DN/TT web-consoles don't support any form of 
> authentication.
> Hadoop RPC API already supports Kerberos authentication.
> Kerberos enables single sign-on.
> Popular browsers (Firefox and Internet Explorer) have support for Kerberos 
> HTTP SPNEGO.
> Adding support for Kerberos HTTP SPNEGO to Hadoop web consoles would provide 
> a unified authentication mechanism and single sign-on for Hadoop web UI and 
> Hadoop RPC.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to