[
https://issues.apache.org/jira/browse/HDFS-5108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13746139#comment-13746139
]
narayana b commented on HDFS-5108:
----------------------------------
i understood the issue
i have 3 user a/cs in my machine : root, narayana, hadoopA
i used to login in to narayana a/c always & i connect to hadoopA user using
terminal(shell)
so when i start browser and access http://localhost:50070 i get 401 error, that
belongs to narayana a/c.
I did kinit hadoopA/admin on narayana terminal narayana@xeon $ kinit
hadoopA/admin
Asked pwd, entered then if i access http://localhost:50070 able to access the
page.
It is a good experience on single node multi user a/c, kerberos-server&client,
Thanks for your support, you can close it.
> hadoop 1.2.1 spengo HTTP web console access issue
> -------------------------------------------------
>
> Key: HDFS-5108
> URL: https://issues.apache.org/jira/browse/HDFS-5108
> Project: Hadoop HDFS
> Issue Type: Bug
> Environment: CentOS 6.4 32 bit, jdk1.6_u45,
> installed: kerberos5-1.10 server, client
> Reporter: narayana b
>
> Hi Good Morning,
> 1) i created kerberos DB, realm and able to test properly
>
> added valid principals, key tab files generated using kadmin, signature
> created using udev/random
> I replaced latest jce libs from oracle to support sha1-96...
> $ kinit
> $ klist
> 2) i followed this link and configured appropriate
> http://hadoop.apache.org/docs/stable/HttpAuthentication.html
> core-site.xml
> <!-- HTTP web-consoles Authentication -->
> <property>
> <name>hadoop.http.filter.initializers</name>
> <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
> </property>
> <property>
> <name>hadoop.http.authentication.type</name>
> <value>kerberos</value>
> </property>
> <property>
> <name>hadoop.http.authentication.token.validity</name>
> <value>36000</value>
> </property>
> <property>
> <name>hadoop.http.authentication.signature.secret.file</name>
> <value>/opt/software/hadoop-1.2.1/conf/security/http-secret-file</value>
> </property>
> <property>
> <name>hadoop.http.authentication.cookie.domain</name>
> <value></value>
> </property>
> <property>
> <name>hadoop.http.authentication.simple.anonymous.allowed</name>
> <value>false</value>
> </property>
> <property>
> <name>hadoop.http.authentication.kerberos.principal</name>
> <value>HTTP/[email protected]</value>
> </property>
> <property>
> <name>hadoop.http.authentication.kerberos.keytab</name>
> <value>/opt/software/hadoop-1.2.1/conf/security/mergedKT.keytab</value>
> </property>
> </configuration>
> 3)I have tested kerberos spengo http to namenode, jobnode on
> single cluster environment but failed to access web consoles
> On browser: about:config then added negotiate-uri to localhost
> On browser : http://localhost:50070
> Result: on browser.... index.html 401 error
> 4) curl -v -u hadoopA --negotiate http://localhost:50070 - works well
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
