I read through the article but I'm not sure if it's the startup.properties that
is causing this issue. I think its because the server is configured to
authenticate using kerberos and the browser is unable to provide a valid
keytab. If that is the case, how do I configure the browser to do that. If that
is not the case, what might be the issue here? Following is a snippet from my
startup.properties file.
##### SPNEGO Configuration
# Authentication type must be specified: simple|kerberos|<class>
# org.apache.falcon.security.RemoteUserInHeaderBasedAuthenticationHandler can
be used for backwards compatibility
#*.falcon.http.authentication.type=simple
*.falcon.http.authentication.type=kerberos
# Indicates how long (in seconds) an authentication token is valid before it
has to be renewed.
*.falcon.http.authentication.token.validity=36000
# The signature secret for signing the authentication tokens.
*.falcon.http.authentication.signature.secret=falcon
# The domain to use for the HTTP cookie that stores the authentication token.
*.falcon.http.authentication.cookie.domain=
# Indicates if anonymous requests are allowed when using 'simple'
authentication.
*.falcon.http.authentication.simple.anonymous.allowed=true
# Indicates the Kerberos principal to be used for HTTP endpoint.
# The principal MUST start with 'HTTP/' as per Kerberos HTTP SPNEGO
specification.
#*.falcon.http.authentication.kerberos.principal=
*.falcon.http.authentication.kerberos.principal=HTTP/<principal_name>@DEV.YGRID.YAHOO.COM
# Location of the keytab file with the credentials for the HTTP principal.
#*.falcon.http.authentication.kerberos.keytab=
*.falcon.http.authentication.kerberos.keytab=/homes/mmukhi/keytab_file.keytab
Regards,
Mahak Mukhi
On Tuesday, May 12, 2015 1:31 AM, Balu Vellanki
<[email protected]> wrote:
Hi
One the user provides user.name through the prompt, it is stored in
localStorage object. The issue is most probably with authentication
settings in startup.properties.
Please look at http://falcon.apache.org/Security.html and make sure the
properties have correct values,
Thanks
Balu
On 5/11/15, 9:21 PM, "Pallavi Rao" <[email protected]> wrote:
>Mahak,
>I have noticed that UI requires user.name to be passed as query param,
>without which it throws that error. Try with
>https://localhost:15443/?user.name=<user name>
>
>The user is not really authenticated.
>
>If this doesn't work, then, pass on the config files and logs (as Ying has
>requested), so, we can debug further.
>
>Thanks,
>Pallavi
>
>On Tue, May 12, 2015 at 5:17 AM, Ying Zheng <[email protected]>
>wrote:
>
>> Hi Mahak,
>>
>> Could you share your configuration file 'startup.properties'? Could you
>> provide your falcon.application.log under logs folder?
>>
>> It is very likely that your startup.property is not set up correctly.
>>Here
>> is a guideline:
>> http://falcon.apache.org/Security.html
>>
>>
>> Thanks,
>> Ying
>>
>>
>> On 5/11/15, 4:05 PM, "Mahak Mukhi" <[email protected]> wrote:
>>
>> >Hi,
>> >Whenever I try and access the UI to my falcon
>> >server(https://<servername>:15443/) it prompts to ask for a user.name
>> >which follows with the following exception Failed to load data. Error:
>> >401 Authentication required.
>> >What might be causing this?
>> > Regards,
>> >Mahak Mukhi
>>
>>
>
>--
>_____________________________________________________________
>The information contained in this communication is intended solely for
>the
>use of the individual or entity to whom it is addressed and others
>authorized to receive it. It may contain confidential or legally
>privileged
>information. If you are not the intended recipient you are hereby
>notified
>that any disclosure, copying, distribution or taking any action in
>reliance
>on the contents of this information is strictly prohibited and may be
>unlawful. If you have received this communication in error, please notify
>us immediately by responding to this email and then delete it from your
>system. The firm is neither liable for the proper and complete
>transmission
>of the information contained in this communication nor for any delay in
>its
>receipt.
