[
https://issues.apache.org/jira/browse/KNOX-2612?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17358941#comment-17358941
]
Larry McCay commented on KNOX-2612:
-----------------------------------
[~Rohannimmagadda] - it appears that you are trying to use Knox to proxy access
of webhdfs in an unsecured cluster or at least webhdfs and Knox does think it is
kerberized.
When Knox is not kerberized it will indeed send user.name instead of doas.
It will also ignore any attempt to specify the user via user.name and doas via
the end user request as this would allow spoofing of identity.
Knox is a proxy user in the Hadoop ecosystem and requires secure authentication
via Kerberos + doas query parameter. If neither is kerberized it will support
pseudo or simple based authentication to the backend service which requires a
user.name query param.
> Knox + webHDFS is not working with Hadoop 3.3
> ----------------------------------------------
>
> Key: KNOX-2612
> URL: https://issues.apache.org/jira/browse/KNOX-2612
> Project: Apache Knox
> Issue Type: Bug
> Components: KnoxSSO, Server
> Affects Versions: 1.4.0, 1.5.0
> Reporter: Rohan Nimmagadda
> Priority: Blocker
>
> Hadoop 3.3 Webhdfs is not working with Knox end point getting below exception
> Tried hadoop side of things by changing hadoop.http.filter.initializers in
> core-site to default AuthFilter and
> org.apache.hadoop.security.AuthenticationFilterInitializer value
> result shows same having issues with webHDFS
> Knox Webhdfs API :
> [https://knoxhost:8443/gateway/default/webhdfs/v1/tmp/?|https://drcn1003.target.com:8443/gateway/bigred/webhdfs/v1/tmp/?]
> &op=LISTSTATUS
> {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed
> to obtain user group information: java.io.IOException: Security enabled but
> user not authenticated by filter"}}
>
>
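The identity handling described in the comment above, as an added sketch that is not Knox's own code: a gateway discards any user.name or doas supplied by the client and appends the user it authenticated itself, as doas when the backend is kerberized and as user.name otherwise. The function name `rewrite_query` and the sample requests are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Query parameters that assert an identity to WebHDFS. A proxy must never
# forward these from the end-user request, or callers could pick any user.
IDENTITY_PARAMS = {"user.name", "doas"}


def rewrite_query(client_query, authenticated_user, kerberized):
    """Return (backend_query, dropped) for a request the gateway authenticated.

    authenticated_user is the principal the gateway verified itself;
    client-supplied identity parameters are dropped and reported so the
    attempt can be logged.
    """
    if not authenticated_user:
        raise ValueError("refusing to proxy an unauthenticated request")
    kept, dropped = [], []
    for name, value in parse_qsl(client_query, keep_blank_values=True):
        # Compared case-insensitively as a conservative choice (assumption),
        # so a variant spelling such as "DoAs" is dropped as well.
        if name.lower() in IDENTITY_PARAMS:
            dropped.append((name, value))
        else:
            kept.append((name, value))
    # Kerberized backend: the gateway authenticates as itself and impersonates
    # the user via doas. Simple/pseudo auth: the user is passed as user.name.
    identity_param = "doas" if kerberized else "user.name"
    kept.append((identity_param, authenticated_user))
    return urlencode(kept), dropped


if __name__ == "__main__":
    # Constructed sample: the client tries to name its own identity twice.
    spoofed = "op=LISTSTATUS&user.name=hdfs&DoAs=root"
    for secure in (False, True):
        query, dropped = rewrite_query(spoofed, "alice", kerberized=secure)
        print("kerberized" if secure else "simple", "->", query, "dropped:", dropped)
```

If the gateway and the backend disagree about whether the cluster is kerberized, the backend receives the wrong one of the two parameters.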