[
https://issues.apache.org/jira/browse/HDFS-4585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13601389#comment-13601389
]
Alejandro Abdelnur commented on HDFS-4585:
------------------------------------------
hadoop-auth {{KerberosAuthenticator}} is just base64-ing the produced
{{gssContext.initSecContext()}}, so I don't think the prob is in hadoop-auth
SPNEGO. It could be that the token produced by Java GSS is more verbose thus
longer, but still correct. But I don't really know if that would be possible.
> Webhdfs sometimes can't negotiate a SPNEGO token
> ------------------------------------------------
>
> Key: HDFS-4585
> URL: https://issues.apache.org/jira/browse/HDFS-4585
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: webhdfs
> Affects Versions: 2.0.0-alpha, 3.0.0, 0.23.7
> Reporter: Daryn Sharp
>
> I'm not sure if this is a curl problem or webhdfs problem, but webhdfs will
> reject some users because the Authorization header is too big. In the case
> below, the header contains 4041 bytes, whereas a keytab user is generating
> 1745 bytes. The failed user can use webhdfs via "hadoop fs", but not via
> curl.
> {noformat}
> curl -v --negotiate -u : 'http://host/webhdfs/v1/?op=GETDELEGATIONTOKEN'
> > GET /webhdfs/v1/?op=GETDELEGATIONTOKEN HTTP/1.1
> > Authorization: Negotiate <<4041 bytes>>
> > User-Agent: curl/7.19.5
> > Host: host
> > Accept: */*
> >
> < HTTP/1.1 413 FULL head
> < Connection: close
> < Server: Jetty(6.1.26)
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
