[
https://issues.apache.org/jira/browse/KNOX-916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15949606#comment-15949606
]
Larry McCay commented on KNOX-916:
----------------------------------
[~Wancy] and [~jeffreyr97] - interesting conversation and points...
My inclination is to say not to do that. :)
There is no reason that I can think of that you should be kinit'ing as the knox
user ever.
At the same time, I can't say that there is any particular reasoning behind the
jaas config being the way it is.
If you have some strange need to kinit as knox then you should change the jaas
config so that it works for your deployment.
If changing it so that it accommodates you doing that doesn't adversely affect
anything else then we can consider changing the default config.
> When REST endpoint enables SPNEGO and there is valid kerberos ticket cache
> for knox user, REST call through knox will show 401 error
> ------------------------------------------------------------------------------------------------------------------------------------
>
> Key: KNOX-916
> URL: https://issues.apache.org/jira/browse/KNOX-916
> Project: Apache Knox
> Issue Type: Bug
> Affects Versions: 0.11.0
> Reporter: Shi Wang
> Assignee: Shi Wang
>
> For example, if webhdfs uses SPNEGO authentication, and curl through knox, su
> knoxuser and klist, if there is valid kerberos ticket cached for knoxuser,
> then it will show 401 unauthorized error. But if the cached ticket expired or
> do not have any cached ticket, could get 200 correct result.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
