[
https://issues.apache.org/jira/browse/HDFS-12284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16673539#comment-16673539
]
Íñigo Goiri commented on HDFS-12284:
------------------------------------
I found another small issue with keytabs.
When the RouterHttpServer starts it does:
{code}
NameNodeHttpServer.initWebHdfs(conf, httpAddress.getHostName(), httpServer,
RouterWebHdfsMethods.class.getPackage().getName());
{code}
This function is in the NN and is pretty generic.
However, it then calls to {{NameNodeHttpServer#getAuthFilterParams}}, which
does:
{code}
String httpKeytab = conf.get(DFSUtil.getSpnegoKeytabKey(conf,
DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY));
{code}
In most cases, the regular web keytab will kick in, but we should make this a
parameter and load the Router one just in case.
This would imply a little refactor in NameNodeHttpServer so I'll open a JIRA
for that.
> RBF: Support for Kerberos authentication
> ----------------------------------------
>
> Key: HDFS-12284
> URL: https://issues.apache.org/jira/browse/HDFS-12284
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: security
> Reporter: Zhe Zhang
> Assignee: Sherwood Zheng
> Priority: Major
> Attachments: HDFS-12284-HDFS-13532.004.patch,
> HDFS-12284-HDFS-13532.005.patch, HDFS-12284-HDFS-13532.006.patch,
> HDFS-12284-HDFS-13532.007.patch, HDFS-12284-HDFS-13532.008.patch,
> HDFS-12284-HDFS-13532.009.patch, HDFS-12284-HDFS-13532.010.patch,
> HDFS-12284-HDFS-13532.011.patch, HDFS-12284-HDFS-13532.012.patch,
> HDFS-12284-HDFS-13532.013.patch, HDFS-12284.000.patch, HDFS-12284.001.patch,
> HDFS-12284.002.patch, HDFS-12284.003.patch
>
>
> HDFS Router should support Kerberos authentication and issuing / managing
> HDFS delegation tokens.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
