[ https://issues.apache.org/jira/browse/HDFS-5854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13886657#comment-13886657 ]
Daryn Sharp commented on HDFS-5854: ----------------------------------- Sidenote, one of the spnego patches I have available for webhdfs's http protocol violations will cause the body to contain "Authentication required". I do find it humorous that it currently appears to blame Jetty itself. :) I'm not disagreeing with the fallback because it doesn't make sense for the NN UI to depend on an optional service. I've been a bit dismayed about the direct reliance on webhdfs http calls because it's problematic when the NN UI is protected by a custom non-spnego auth filter - in our case and probably yours because desktop clients aren't configured to do spnego. Yet the UI references URL's that require spnego which the client cannot do. Perhaps the NN should be internally invoking the servlets to get the response direct webhdfs calls would return. That retains the cool new UI and allows flexibility for authentication. > WebHDFS file browsing not working on secure cluster -or displaying meaningful > errors > ------------------------------------------------------------------------------------ > > Key: HDFS-5854 > URL: https://issues.apache.org/jira/browse/HDFS-5854 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs > Affects Versions: 2.4.0 > Environment: linux, kerberized 2.4.0 snapshot, commit #941ce6a > Reporter: Steve Loughran > Attachments: Screen Shot 2014-01-30 at 10.16.45.png > > > webhdfs is on by default and the new NN status UI is coming up (after setting > the {{ 'dfs.web.authentication.kerberos.principal}} property -but the FS > browser failing with error code 401 -unauth. > That's inevitably security related -somehow. But > # the principal is set -or does httpfs-site.xml need to be filled in too? > # if it is invalid, then some statement in the GUI should be provided -- This message was sent by Atlassian JIRA (v6.1.5#6160)