Hi Mahak In a setup that I have, the one difference between your configs and mine is this.
*.falcon.http.authentication.type=simple We use simple because the UI is currently read-only. If you want to set this to kerberos, you will have to configure your browser. An example doc for firefox is at http://www.microhowto.info/howto/configure_firefox_to_authenticate_using_sp nego_and_kerberos.html Thanks Balu Vellanki On 5/13/15, 7:48 AM, "Mahak Mukhi" <[email protected]> wrote: >I read through the article but I'm not sure if it's the >startup.properties that is causing this issue. I think its because the >server is configured to authenticate using kerberos and the browser is >unable to provide a valid keytab. If that is the case, how do I configure >the browser to do that. If that is not the case, what might be the issue >here? Following is a snippet from my startup.properties file. >##### SPNEGO Configuration > ># Authentication type must be specified: simple|kerberos|<class> ># org.apache.falcon.security.RemoteUserInHeaderBasedAuthenticationHandler >can be used for backwards compatibility >#*.falcon.http.authentication.type=simple >*.falcon.http.authentication.type=kerberos > ># Indicates how long (in seconds) an authentication token is valid before >it has to be renewed. >*.falcon.http.authentication.token.validity=36000 > ># The signature secret for signing the authentication tokens. >*.falcon.http.authentication.signature.secret=falcon > ># The domain to use for the HTTP cookie that stores the authentication >token. >*.falcon.http.authentication.cookie.domain= > ># Indicates if anonymous requests are allowed when using 'simple' >authentication. >*.falcon.http.authentication.simple.anonymous.allowed=true > ># Indicates the Kerberos principal to be used for HTTP endpoint. ># The principal MUST start with 'HTTP/' as per Kerberos HTTP SPNEGO >specification. >#*.falcon.http.authentication.kerberos.principal= >*.falcon.http.authentication.kerberos.principal=HTTP/<principal_name>@DEV. >YGRID.YAHOO.COM > ># Location of the keytab file with the credentials for the HTTP principal. >#*.falcon.http.authentication.kerberos.keytab= >*.falcon.http.authentication.kerberos.keytab=/homes/mmukhi/keytab_file.key >tab > > > Regards, >Mahak Mukhi > > > > On Tuesday, May 12, 2015 1:31 AM, Balu Vellanki ><[email protected]> wrote: > > > Hi > >One the user provides user.name through the prompt, it is stored in >localStorage object. The issue is most probably with authentication >settings in startup.properties. > >Please look at http://falcon.apache.org/Security.html and make sure the >properties have correct values, > >Thanks >Balu > >On 5/11/15, 9:21 PM, "Pallavi Rao" <[email protected]> wrote: > >>Mahak, >>I have noticed that UI requires user.name to be passed as query param, >>without which it throws that error. Try with >>https://localhost:15443/?user.name=<user name> >> >>The user is not really authenticated. >> >>If this doesn't work, then, pass on the config files and logs (as Ying >>has >>requested), so, we can debug further. >> >>Thanks, >>Pallavi >> >>On Tue, May 12, 2015 at 5:17 AM, Ying Zheng <[email protected]> >>wrote: >> >>> Hi Mahak, >>> >>> Could you share your configuration file 'startup.properties'? Could you >>> provide your falcon.application.log under logs folder? >>> >>> It is very likely that your startup.property is not set up correctly. >>>Here >>> is a guideline: >>> http://falcon.apache.org/Security.html >>> >>> >>> Thanks, >>> Ying >>> >>> >>> On 5/11/15, 4:05 PM, "Mahak Mukhi" <[email protected]> >>>wrote: >>> >>> >Hi, >>> >Whenever I try and access the UI to my falcon >>> >server(https://<servername>:15443/) it prompts to ask for a user.name >>> >which follows with the following exception Failed to load data. Error: >>> >401 Authentication required. >>> >What might be causing this? >>> > Regards, >>> >Mahak Mukhi >>> >>> >> >>-- >>_____________________________________________________________ >>The information contained in this communication is intended solely for >>the >>use of the individual or entity to whom it is addressed and others >>authorized to receive it. It may contain confidential or legally >>privileged >>information. If you are not the intended recipient you are hereby >>notified >>that any disclosure, copying, distribution or taking any action in >>reliance >>on the contents of this information is strictly prohibited and may be >>unlawful. If you have received this communication in error, please notify >>us immediately by responding to this email and then delete it from your >>system. The firm is neither liable for the proper and complete >>transmission >>of the information contained in this communication nor for any delay in >>its >>receipt. > > >
