[
https://issues.apache.org/jira/browse/HDFS-5108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
narayana b updated HDFS-5108:
-----------------------------
Description:
Hi Good Morning,
1) i created kerberos DB, realm and able to test properly
added valid principals, key tab files generated using kadmin, signature
created using udev/random
I replaced latest jce libs from oracle to support sha1-96...
$ kinit
$ klist
2) i followed this link and configured appropriate
http://hadoop.apache.org/docs/stable/HttpAuthentication.html
core-site.xml
<!-- HTTP web-consoles Authentication -->
<property>
<name>hadoop.http.filter.initializers</name>
<value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
</property>
<property>
<name>hadoop.http.authentication.type</name>
<value>kerberos</value>
</property>
<property>
<name>hadoop.http.authentication.token.validity</name>
<value>36000</value>
</property>
<property>
<name>hadoop.http.authentication.signature.secret.file</name>
<value>/opt/software/hadoop-1.2.1/conf/security/http-secret-file</value>
</property>
<property>
<name>hadoop.http.authentication.cookie.domain</name>
<value></value>
</property>
<property>
<name>hadoop.http.authentication.simple.anonymous.allowed</name>
<value>false</value>
</property>
<property>
<name>hadoop.http.authentication.kerberos.principal</name>
<value>HTTP/[email protected]</value>
</property>
<property>
<name>hadoop.http.authentication.kerberos.keytab</name>
<value>/opt/software/hadoop-1.2.1/conf/security/mergedKT.keytab</value>
</property>
</configuration>
3)I have tested kerberos spengo http to namenode, jobnode on single
cluster environment but failed to access web consoles
On browser : http://localhost:50070
Result: browser on browser401 error
4) curl -v -u hadoopA --negotiate http://localhost:50070 - works well
was:
Hi Good Morning,
1) i created kerberos DB, realm and able to test properly
added valid principals, key tab files generated using, signature created
I replaced latest jce libs from oracle to support sha1-96...
$ kinit
$ klist
2) i followed this link and configured appropriate
http://hadoop.apache.org/docs/stable/HttpAuthentication.html
core-site.xml
<!-- HTTP web-consoles Authentication -->
<property>
<name>hadoop.http.filter.initializers</name>
<value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
</property>
<property>
<name>hadoop.http.authentication.type</name>
<value>kerberos</value>
</property>
<property>
<name>hadoop.http.authentication.token.validity</name>
<value>36000</value>
</property>
<property>
<name>hadoop.http.authentication.signature.secret.file</name>
<value>/opt/software/hadoop-1.2.1/conf/security/http-secret-file</value>
</property>
<property>
<name>hadoop.http.authentication.cookie.domain</name>
<value></value>
</property>
<property>
<name>hadoop.http.authentication.simple.anonymous.allowed</name>
<value>false</value>
</property>
<property>
<name>hadoop.http.authentication.kerberos.principal</name>
<value>HTTP/[email protected]</value>
</property>
<property>
<name>hadoop.http.authentication.kerberos.keytab</name>
<value>/opt/software/hadoop-1.2.1/conf/security/mergedKT.keytab</value>
</property>
</configuration>
3)I have tested kerberos spengo http to namenode, jobnode on single
cluster environment but failed to access web consoles
On browser : http://localhost:50070
Result: browser on browser401 error
4) curl -v -u hadoopA --negotiate http://localhost:50070 - works well
> hadoop 1.2.1 spengo HTTP web console access issue
> -------------------------------------------------
>
> Key: HDFS-5108
> URL: https://issues.apache.org/jira/browse/HDFS-5108
> Project: Hadoop HDFS
> Issue Type: Bug
> Environment: CentOS 6.3 32 bit, jdk1.6_u45, kerberos5-1.10 server
> Reporter: narayana b
>
> Hi Good Morning,
> 1) i created kerberos DB, realm and able to test properly
>
> added valid principals, key tab files generated using kadmin, signature
> created using udev/random
> I replaced latest jce libs from oracle to support sha1-96...
> $ kinit
> $ klist
> 2) i followed this link and configured appropriate
> http://hadoop.apache.org/docs/stable/HttpAuthentication.html
> core-site.xml
> <!-- HTTP web-consoles Authentication -->
> <property>
> <name>hadoop.http.filter.initializers</name>
> <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
> </property>
> <property>
> <name>hadoop.http.authentication.type</name>
> <value>kerberos</value>
> </property>
> <property>
> <name>hadoop.http.authentication.token.validity</name>
> <value>36000</value>
> </property>
> <property>
> <name>hadoop.http.authentication.signature.secret.file</name>
> <value>/opt/software/hadoop-1.2.1/conf/security/http-secret-file</value>
> </property>
> <property>
> <name>hadoop.http.authentication.cookie.domain</name>
> <value></value>
> </property>
> <property>
> <name>hadoop.http.authentication.simple.anonymous.allowed</name>
> <value>false</value>
> </property>
> <property>
> <name>hadoop.http.authentication.kerberos.principal</name>
> <value>HTTP/[email protected]</value>
> </property>
> <property>
> <name>hadoop.http.authentication.kerberos.keytab</name>
> <value>/opt/software/hadoop-1.2.1/conf/security/mergedKT.keytab</value>
> </property>
> </configuration>
> 3)I have tested kerberos spengo http to namenode, jobnode on single
> cluster environment but failed to access web consoles
> On browser : http://localhost:50070
> Result: browser on browser401 error
> 4) curl -v -u hadoopA --negotiate http://localhost:50070 - works well
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
