[
https://issues.apache.org/jira/browse/KNOX-25?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14517304#comment-14517304
]
Kevin Minder commented on KNOX-25:
----------------------------------
This feature cannot be considered complete due to issues encountered with
clients such at DistCp which are not capable of SPNEGO authentication when
interacting with the DataNode. DistCp expects the BlockAccessToken to be
sufficient for access. The same it true for requests that contain delegations
tokens. Client typically do not expect a SPNEGO challenge when they provide
delegation tokens.
> Knox should support authentication using SPNEGO from browser
> ------------------------------------------------------------
>
> Key: KNOX-25
> URL: https://issues.apache.org/jira/browse/KNOX-25
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Affects Versions: 0.2.0
> Reporter: Kevin Minder
> Assignee: Dilli Arumugam
> Fix For: 0.7.0
>
> Attachments: KNOX-25.patch, KNOX-25.patch.1
>
>
> The basic interactions flow might look like this.
> 1. Client authenticates with KDC
> 2. Client requests HDFS resource via gateway
> 3. Knox authenticates client via SPNEGO
> 4. Knox authentication Service via SPNEGO
> 5. Gateway dispatches request and tokens to service.
> 6. Service provides response including hadoop.auth cookie. This prevents
> subsequent KDC and SPNEGO interactions.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
