[ https://issues.apache.org/jira/browse/HDFS-5661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13848011#comment-13848011 ]
Benoy Antony commented on HDFS-5661: ------------------------------------ Only Namenode will authenticate a client using HDFS Delegation Token ( which is issued by the Namenode.) The client still needs to authenticate to the datanode and cannot use the Delegation Token for this purpose. The configuration related to the cookie domain is hadoop.http.authentication.cookie.domain and more details on the authentication of http consoles is here : https://hadoop.apache.org/docs/current2/hadoop-project-dist/hadoop-common/HttpAuthentication.html When browsing the filesystem via original webui, the DelegationToken is used by the DataNode to contact the Namenode . > Browsing FileSystem via web ui, should use datanode's hostname instead of ip > address > ------------------------------------------------------------------------------------ > > Key: HDFS-5661 > URL: https://issues.apache.org/jira/browse/HDFS-5661 > Project: Hadoop HDFS > Issue Type: Bug > Affects Versions: 2.2.0 > Reporter: Benoy Antony > Assignee: Benoy Antony > Attachments: HDFS-5661.patch > > > If authentication is enabled on the web ui, then a cookie is used to keep > track of the authentication information. There is normally a domain > associated with the cookie. Since ip address doesn't have any domain , the > cookie will not be sent by the browser while making http calls with ip > address as the destination server. > This will break browsing files system via web ui , if authentication is > enabled. > Browsing FileSystem via web ui, should use datanode's hostname instead of ip > address. -- This message was sent by Atlassian JIRA (v6.1.4#6159)