[
https://issues.apache.org/jira/browse/HDFS-15271?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17081806#comment-17081806
]
Masatake Iwasaki commented on HDFS-15271:
-----------------------------------------
{{dfs.web.authentication.kerberos.principal}} is used in hdfs-default.xml as a
default value of
{{dfs.(namenode|journalnode|secondary.namenode).kerberos.internal.spnego.principal}}
. Those {{dfs.*.kerberos.internal.spnego.principal}} and
{{dfs.web.authentication.kerberos.keytab}} are used in NameNodeHttpServer as
argutments of DFSUtil.httpServerTemplateForNNAndJN. AuthenticationFilter added
by HttpServer2 uses these properties to get principal and keytab.
HADOOP-16354 introduced AuthFilter (which obsoletes AuthenticationFilter) to
Web servers of NN, SNN and JN (via AuthFilterInitializer. see
{{DFSUtil#httpServerTemplateForNNAndJN}}). We must set
{{hadoop.http.authentication.kerberos.(principal|keytab)}} to be authenticated
by the AuthFilter.
> Remove obsolete SPNEGO configuration of NN, SNN and JN.
> -------------------------------------------------------
>
> Key: HDFS-15271
> URL: https://issues.apache.org/jira/browse/HDFS-15271
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.3.0
> Reporter: Masatake Iwasaki
> Assignee: Masatake Iwasaki
> Priority: Minor
>
> After HADOOP-16354,
> {{hadoop.http.authentication.kerberos.(principal|keytab)}} obsoleted
> {{dfs.web.authentication.kerberos.(principal|keytab)}}.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
