Forwarding it to dev@s.a.o instead of dev@s.i.a.o ---------- Forwarded message ---------- From: Sravya Tirukkovalur <sra...@cloudera.com> Date: Fri, Apr 29, 2016 at 2:51 PM Subject: Sentry web server - Spnego To: dev <d...@sentry.incubator.apache.org>
Hi Dapeng, I am trying to use Sentry webserver in kerberos mode according to https://cwiki.apache.org/confluence/display/SENTRY/Sentry+Webserver+Kerberos+Authentication+and+Authorization+Configuration Although I am able to write a java client as in test TestSentryWebServerWithKerberos.java <https://github.com/apache/incubator-sentry/blob/master/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java>, I am not able to use curl as: kinit -kt /path/..keytab principal_shortname curl -i --negotiate -u : "http://host:port/conf"; I see an error like "Error 403 GSSException: No valid credentials provided". Which makes me believe that the ticket is not being propagated correctly or there is some silly problem in the way I am using curl. But I tried accessing WebHDFS similarly and I am able to. curl -i --negotiate -u : "http://host:port/webhdfs/v1/user?op=LISTSTATUS"; Have you tried the curl way with Sentry web server and were you successful? Or has any one tried this yet? Thanks! -- Sravya Tirukkovalur -- Sravya Tirukkovalur
