[jira] [Commented] (HADOOP-12096) Rest API failing when ip configured in RM address in secure https mode

Wed, 17 Jun 2015 10:29:14 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-12096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14590136#comment-14590136
 ] 

Steve Loughran commented on HADOOP-12096:
-----------------------------------------

Allen —why not? Especially given on windows that if you do a reverse lookup of 
127.0.0.1 you don't get  "localhost' back. For some testing (yarn registry 
talking to secure ZK) I explicitly had to register user/[email protected] 
to get things to work.

regarding the patch, I now think Kerberos is probably the bit of the codebase 
we have to tread most carefully around. Whoever claims to be the experts in 
Hadoop, Kerberos and HTTP will need to review it, and then, ideally. it gets 
some serious testing before patch goes in

> Rest API failing when ip configured in RM address in secure https mode
> ----------------------------------------------------------------------
>
>                 Key: HADOOP-12096
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12096
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: net, security
>            Reporter: Bibin A Chundatt
>            Assignee: Bibin A Chundatt
>            Priority: Critical
>         Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch, 
> 0002-YARN-3810.patch
>
>
> Steps to reproduce
> ===============
> 1.Configure hadoop.http.authentication.kerberos.principal as below
> {code:xml}
>   <property>
>     <name>hadoop.http.authentication.kerberos.principal</name>
>     <value>HTTP/[email protected]</value>
>   </property>
> {code}
> 2. In RM web address also configure IP 
> 3. Startup RM 
> Call Rest API for RM  {{ curl -i -k  --insecure --negotiate -u : https IP 
> /ws/v1/cluster/info"}}
> *Actual*
> Rest API  failing
> {code}
> 2015-06-16 19:03:49,845 DEBUG 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter: 
> Authentication exception: GSSException: No valid credentials provided 
> (Mechanism level: Failed to find any Kerberos credentails)
> org.apache.hadoop.security.authentication.client.AuthenticationException: 
> GSSException: No valid credentials provided (Mechanism level: Failed to find 
> any Kerberos credentails)
>       at 
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399)
>       at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348)
>       at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519)
>       at 
> org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82)
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to