[
https://issues.apache.org/jira/browse/HDFS-5854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13886657#comment-13886657
]
Daryn Sharp commented on HDFS-5854:
-----------------------------------
Sidenote, one of the spnego patches I have available for webhdfs's http
protocol violations will cause the body to contain "Authentication required".
I do find it humorous that it currently appears to blame Jetty itself. :)
I'm not disagreeing with the fallback because it doesn't make sense for the NN
UI to depend on an optional service. I've been a bit dismayed about the direct
reliance on webhdfs http calls because it's problematic when the NN UI is
protected by a custom non-spnego auth filter - in our case and probably yours
because desktop clients aren't configured to do spnego. Yet the UI references
URL's that require spnego which the client cannot do.
Perhaps the NN should be internally invoking the servlets to get the response
direct webhdfs calls would return. That retains the cool new UI and allows
flexibility for authentication.
> WebHDFS file browsing not working on secure cluster -or displaying meaningful
> errors
> ------------------------------------------------------------------------------------
>
> Key: HDFS-5854
> URL: https://issues.apache.org/jira/browse/HDFS-5854
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: webhdfs
> Affects Versions: 2.4.0
> Environment: linux, kerberized 2.4.0 snapshot, commit #941ce6a
> Reporter: Steve Loughran
> Attachments: Screen Shot 2014-01-30 at 10.16.45.png
>
>
> webhdfs is on by default and the new NN status UI is coming up (after setting
> the {{ 'dfs.web.authentication.kerberos.principal}} property -but the FS
> browser failing with error code 401 -unauth.
> That's inevitably security related -somehow. But
> # the principal is set -or does httpfs-site.xml need to be filled in too?
> # if it is invalid, then some statement in the GUI should be provided
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
