[jira] [Commented] (HDFS-5108) hadoop 1.2.1 spengo HTTP web console access issue

Tue, 20 Aug 2013 21:36:21 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-5108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13745775#comment-13745775
 ] 

Dilli Arumugam commented on HDFS-5108:
--------------------------------------

Sorry, I missed to take note - you configured browser in step3.

Immediately after you succesully accessed 
curl -v -u hadoopA --negotiate http://localhost:50070 

Please issue klist from commandline, what is the output you see?
You would see a principal name like HTTP/...
What is the exact principal name you see here?




                
> hadoop 1.2.1 spengo HTTP web console access issue
> -------------------------------------------------
>
>                 Key: HDFS-5108
>                 URL: https://issues.apache.org/jira/browse/HDFS-5108
>             Project: Hadoop HDFS
>          Issue Type: Bug
>         Environment: CentOS 6.4 32 bit, jdk1.6_u45, 
> installed: kerberos5-1.10 server, client
>            Reporter: narayana b
>
> Hi Good Morning,
> 1) i created kerberos DB, realm and able to test properly
>    
>    added valid principals, key tab files generated using kadmin, signature 
> created using udev/random
>    I replaced latest jce libs from oracle to support sha1-96...
>    $ kinit
>    $ klist
> 2) i followed this link and configured appropriate
>      http://hadoop.apache.org/docs/stable/HttpAuthentication.html
> core-site.xml
> <!-- HTTP web-consoles Authentication -->
>   <property>
>     <name>hadoop.http.filter.initializers</name>
>     <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.type</name>
>     <value>kerberos</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.token.validity</name>
>     <value>36000</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.signature.secret.file</name>
>     <value>/opt/software/hadoop-1.2.1/conf/security/http-secret-file</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.cookie.domain</name>
>     <value></value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.simple.anonymous.allowed</name>
>     <value>false</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.kerberos.principal</name>
>     <value>HTTP/[email protected]</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.kerberos.keytab</name>
>     <value>/opt/software/hadoop-1.2.1/conf/security/mergedKT.keytab</value>
>   </property>
> </configuration>
> 3)I have tested kerberos spengo http to namenode, jobnode on 
>    single cluster environment but failed to access web consoles
>    On browser: about:config then added negotiate-uri to localhost
>    On browser : http://localhost:50070 
>    Result: on browser....  index.html 401 error
> 4) curl -v -u hadoopA --negotiate http://localhost:50070 - works well

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to