[
https://issues.apache.org/jira/browse/HDFS-5108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13745491#comment-13745491
]
Dilli Dorai Minnal Arumugam commented on HDFS-5108:
---------------------------------------------------
Assuming you are using Firefox.
Have you configured Firefox to do SPNego for localhost?
These are the steps for doing that
Type in the address bar of Firefox
about:config
It would warn you. Accept the warning.
Type in the Search text box (immediately below address bar)
network.negotiate-auth.trusted-uris
Double click the preference line
network.negotiate-auth.trusted-uris
You would see a pop up
Enter in the pop up
localhost
Then, click OK.
Now access
http://localhost:50070
By the way you should have kinit(ed) as the user running Firefox.
Please update the Jira if this fixes your problem.
It it does not fix the problem, please review your namenode logs and look for
any relevant messages.
> hadoop 1.2.1 spengo HTTP web console access issue
> -------------------------------------------------
>
> Key: HDFS-5108
> URL: https://issues.apache.org/jira/browse/HDFS-5108
> Project: Hadoop HDFS
> Issue Type: Bug
> Environment: CentOS 6.4 32 bit, jdk1.6_u45,
> installed: kerberos5-1.10 server, client
> Reporter: narayana b
>
> Hi Good Morning,
> 1) i created kerberos DB, realm and able to test properly
>
> added valid principals, key tab files generated using kadmin, signature
> created using udev/random
> I replaced latest jce libs from oracle to support sha1-96...
> $ kinit
> $ klist
> 2) i followed this link and configured appropriate
> http://hadoop.apache.org/docs/stable/HttpAuthentication.html
> core-site.xml
> <!-- HTTP web-consoles Authentication -->
> <property>
> <name>hadoop.http.filter.initializers</name>
> <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
> </property>
> <property>
> <name>hadoop.http.authentication.type</name>
> <value>kerberos</value>
> </property>
> <property>
> <name>hadoop.http.authentication.token.validity</name>
> <value>36000</value>
> </property>
> <property>
> <name>hadoop.http.authentication.signature.secret.file</name>
> <value>/opt/software/hadoop-1.2.1/conf/security/http-secret-file</value>
> </property>
> <property>
> <name>hadoop.http.authentication.cookie.domain</name>
> <value></value>
> </property>
> <property>
> <name>hadoop.http.authentication.simple.anonymous.allowed</name>
> <value>false</value>
> </property>
> <property>
> <name>hadoop.http.authentication.kerberos.principal</name>
> <value>HTTP/[email protected]</value>
> </property>
> <property>
> <name>hadoop.http.authentication.kerberos.keytab</name>
> <value>/opt/software/hadoop-1.2.1/conf/security/mergedKT.keytab</value>
> </property>
> </configuration>
> 3)I have tested kerberos spengo http to namenode, jobnode on
> single cluster environment but failed to access web consoles
> On browser: about:config then added negotiate-uri to localhost
> On browser : http://localhost:50070
> Result: on browser.... index.html 401 error
> 4) curl -v -u hadoopA --negotiate http://localhost:50070 - works well
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
