[jira] [Commented] (KNOX-916) When REST endpoint enables SPNEGO and there is valid kerberos ticket cache for knox user, REST call through knox will show 401 error

Shi Wang (JIRA) Thu, 30 Mar 2017 14:31:04 -0700

    [ 
https://issues.apache.org/jira/browse/KNOX-916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15949882#comment-15949882
 ]


Shi Wang commented on KNOX-916:
-------------------------------

Hi [~jeffreyr97],

Thanks for your suggestions, I tried that but still get 401. The way it could 
work without kdestroy the ticket (if there happens to be any) is changing 
renewTGT=true and useTicketCache=true to renewTGT=true useTicketCache=false

> When REST endpoint enables SPNEGO and there is valid kerberos ticket cache 
> for knox user, REST call through knox will show 401 error
> ------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: KNOX-916
>                 URL: https://issues.apache.org/jira/browse/KNOX-916
>             Project: Apache Knox
>          Issue Type: Bug
>    Affects Versions: 0.11.0
>            Reporter: Shi Wang
>            Assignee: Shi Wang
>
> For example, if webhdfs uses SPNEGO authentication, and curl through knox, su 
> knoxuser and klist, if there is valid kerberos ticket cached for knoxuser, 
> then it will show 401 unauthorized error. But if the cached ticket expired or 
> do not have any cached ticket, could get 200 correct result.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (KNOX-916) When REST endpoint enables SPNEGO and there is valid kerberos ticket cache for knox user, REST call through knox will show 401 error

Reply via email to