[
https://issues.apache.org/jira/browse/HADOOP-8816?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13457129#comment-13457129
]
Moritz Moeller commented on HADOOP-8816:
----------------------------------------
No, Kerberos tokens do not contain group membership information, but tend to
get pretty large, 4-8k base64 encoded.
I guess 16kb header size would be enough.
Making that configurable is your choice, I personally wouldn't as I know no
things that cause header sizes larger than Kerberos, but then if it was
configurable already this ticket wouldn't exist.
> HTTP Error 413 full HEAD if using kerberos authentication
> ---------------------------------------------------------
>
> Key: HADOOP-8816
> URL: https://issues.apache.org/jira/browse/HADOOP-8816
> Project: Hadoop Common
> Issue Type: Bug
> Components: net
> Affects Versions: 2.0.1-alpha
> Environment: ubuntu linux with active directory kerberos.
> Reporter: Moritz Moeller
>
> The HTTP Authentication: header is too large if using kerberos and the
> request is rejected by Jetty because Jetty has a too low default header size
> limit.
> Can be fixed by adding ret.setHeaderBufferSize(1024*128); in
> org.apache.hadoop.http.HttpServer.createDefaultChannelConnector
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
