[jira] [Updated] (KNOX-355) Support Knox authentication provider based on hadoop.security.authentication.server.AuthenticationHandler

Sun, 27 Jul 2014 22:58:30 -0700 

     [ 
https://issues.apache.org/jira/browse/KNOX-355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dilli Arumugam updated KNOX-355:
--------------------------------

    Resolution: Fixed
        Status: Resolved  (was: Patch Available)

A topology template file submitted with the patch illustrates the use of the 
enhancement.

The topology file is
gateway-release/home/templates/hada.xml

Please pay attention to the authentication provider definition in the topology 
file.

Please see  the following link for more details  Hadoop Auth configuration 
parameters.
http://hadoop.apache.org/docs/current/hadoop-auth/Configuration.html

  <provider>
            <role>authentication</role>
            <name>HadoopAuth</name>
            <enabled>true</enabled>

            <param>
                <name>config.prefix</name>
                <value>hadoop.auth.config</value>
            </param>
            <param>
                <name>hadoop.auth.config.signature.secret</name>
                <value>78hdkjaka</value>
            </param>
            <param>
                <name>hadoop.auth.config.type</name>
                <value>simple</value>
            </param>
            <param>
                <name>hadoop.auth.config.simple.anonymous.allowed</name>
                <value>false</value> <!-- default: false -->
            </param>
            <param>
                <name>hadoop.auth.config.token.validity</name>
                <value>1800</value>
            </param>
            <param>
                <name>hadoop.auth.config.cookie.domain</name>
                <value>hdp.example.com</value>
            </param>
            <param>
                <name>hadoop.auth.config.cookie.path</name>
                <value>gateway/hada</value>
            </param>

        </provider>

Manual testing done using curl command line:

With the topology hada.xml deployed on knox running at hdp.exmaple.com:8443,  
the following command produced the correct output

curl -i -k 
'https://hdp.example.com:8443/gateway/hada/webhdfs/v1?op=GETHOMEDIRECTORY&user.name=guest'

curl -i -k 
'https://hdp.example.com:8443/gateway/hada/webhdfs/v1?op=GETHOMEDIRECTORY&user.name=guest'
HTTP/1.1 200 OK
Set-Cookie: 
hadoop.auth="u=guest&p=guest&t=simple&e=1406528637141&s=a9FISwx62cb8aGF5hhjgNM+ca18=";Path=gateway/hada;Domain=hdp.example.com
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Expires: Mon, 28 Jul 2014 05:53:57 GMT
Date: Mon, 28 Jul 2014 05:53:57 GMT
Pragma: no-cache
Expires: Mon, 28 Jul 2014 05:53:57 GMT
Date: Mon, 28 Jul 2014 05:53:57 GMT
Pragma: no-cache
Server: Jetty(6.1.26)
Content-Type: application/json
Content-Length: 22

{"Path":"/user/guest"}




> Support Knox authentication provider based on 
> hadoop.security.authentication.server.AuthenticationHandler
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: KNOX-355
>                 URL: https://issues.apache.org/jira/browse/KNOX-355
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Dilli Arumugam
>            Assignee: Dilli Arumugam
>         Attachments: KNOX-355.patch
>
>
> Support Knox authentication provider based on 
> hadoop.security.authentication.server.AuthenticationHandler
> This would allow us to leverage most of the work done in 
> hadoop.security.authentication.server module for HTTP client authentication.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to