Github user raghavgautam commented on a diff in the pull request:
https://github.com/apache/storm/pull/1636#discussion_r75531803
--- Diff: docs/SECURITY.md ---
@@ -81,7 +81,9 @@ curl -i --negotiate -u:anyUser -b ~/cookiejar.txt -c
~/cookiejar.txt http://s
1. Firefox: Goto about:config and search for
network.negotiate-auth.trusted-uris double-click to add value
"http://storm-ui-hostname:8080";
2. Google-chrome: start from command line with: google-chrome
--auth-server-whitelist="*storm-ui-hostname"
--auth-negotiate-delegate-whitelist="*storm-ui-hostname"
-3. IE: Configure trusted websites to include "storm-ui-hostname" and
allow negotiation for that website
+3. IE: Configure trusted websites to include "storm-ui-hostname" and
allow negotiation for that website
+
+**Note**: For viewing any logs via `logviewer` in secure mode, all the
hosts that runs `logviewer` should also be added to the above white list.
--- End diff --
For a large cluster, adding all log viewers hosts may not scale well for
large cluster. In case of firefox just adding domain suffices. Suppose your
cluster has:
c1.apache.org
c2.apache.org
c3.apache.org
Then we can set network.negotiate-auth.trusted-uris to `.apache.org`
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
