[
https://issues.apache.org/jira/browse/HDFS-4794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13671754#comment-13671754
]
Jitendra Nath Pandey commented on HDFS-4794:
--------------------------------------------
I noticed that StreamFile servlet might have similar issue because it uses
namenode address in datanode which may not be the rpc address.
I am worried there could be several places we might overlook where service
address is being used. Also, the behavior is not clear if JspHelper on the
namenode.
Why is it difficult to backport the fix from trunk to the branch? Is it just
because it is a bigger patch or because code structure has changed so much that
branch-1 needs a different fix altogether?
> Browsing filesystem via webui throws kerberos exception when NN service RPC
> is enabled in a secure cluster
> ----------------------------------------------------------------------------------------------------------
>
> Key: HDFS-4794
> URL: https://issues.apache.org/jira/browse/HDFS-4794
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
> Affects Versions: 1.1.2
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Attachments: HDFS-4794.patch
>
>
> Browsing filesystem via webui throws kerberos exception when NN service RPC
> is enabled in a secure cluster
> To reproduce this error,
> Enable security
> Enable serviceRPC by setting dfs.namenode.servicerpc-address and use a
> different port than the rpc port.
> Click on "Browse the filesystem" on NameNode web.
> The following error will be shown :
> Call to NN001/12.123.123.01:8030 failed on local exception:
> java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed
> [Caused by GSSException: No valid credentials provided (Mechanism level:
> Failed to find any Kerberos tgt)]
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
