[jira] [Updated] (KNOX-25) Knox should support authentication using SPNEGO from browser

Sun, 27 Jul 2014 23:12:20 -0700 

     [ 
https://issues.apache.org/jira/browse/KNOX-25?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dilli Arumugam updated KNOX-25:
-------------------------------

    Resolution: Fixed
        Status: Resolved  (was: Patch Available)

Topology file bundled with Knox

gateway-release/home/templates/hadas.xml

illustrated the topology configuration to allow authentication Knox client with 
SPNego.

Manual testing done with curl client, with knox running topology hadas.xml on 
host hdp.example.com

    kinit guest/[email protected]
   
curl -i -k --negotiate -u : 
'https://hdp.example.com:8443/gateway/hadas/webhdfs/v1?op=GETHOMEDIRECTORY'
HTTP/1.1 401 
WWW-Authenticate: Negotiate
Set-Cookie: hadoop.auth=;Path=gateway/hada;Domain=hdp.example.com;Expires=Thu, 
01-Jan-1970 00:00:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: must-revalidate,no-cache,no-store
Content-Length: 1371
Server: Jetty(8.1.14.v20131031)

HTTP/1.1 200 OK
Set-Cookie: 
hadoop.auth="u=guest&p=guest/[email protected]&t=kerberos&e=1406529407430&s=oIYyRIVP6IDJ8VYW5PviXxZyYiA=";Path=gateway/hada;Domain=hdp.example.com
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Expires: Mon, 28 Jul 2014 06:06:47 GMT
Date: Mon, 28 Jul 2014 06:06:47 GMT
Pragma: no-cache
Expires: Mon, 28 Jul 2014 06:06:47 GMT
Date: Mon, 28 Jul 2014 06:06:47 GMT
Pragma: no-cache
Server: Jetty(6.1.26)
Content-Type: application/json
Content-Length: 22

{"Path":"/user/guest"}






> Knox should support authentication using SPNEGO from browser
> ------------------------------------------------------------
>
>                 Key: KNOX-25
>                 URL: https://issues.apache.org/jira/browse/KNOX-25
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: Server
>    Affects Versions: 0.2.0
>            Reporter: Kevin Minder
>            Assignee: Dilli Arumugam
>             Fix For: 0.5.0
>
>         Attachments: KNOX-25.patch
>
>
> From BUG-4304
> The basic interactions flow might look like this.
> 1. Client authenticates with KDC
> 2. Client requests HDFS resource via gateway
> 3. Gateway forwards original request to service
> 4. Service challenges with SPNEGO
> 5. Gateway returns challenge to client.
> 6. Client resends request with tokens
> 7. Gateway dispatches request and tokens to service.
> 8. Service provides response including hadoop.auth cookie. This prevents 
> subsequent KDC and SPNEGO interactions.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to