ivandika3 commented on PR #6896: URL: https://github.com/apache/ozone/pull/6896#issuecomment-2210274074
@adoroszlai Thank you for the explanation. > curl sends it when options --negotiate -u : are present, and the user has a valid Kerberos ticket Does this mean that the `Authorization` header is sent if user has an intention to validate the Kerberos ticket? My understanding that specifying a "Authorization" header shows client's intention to authorize its operation and we should verify this authorization header regardless of resource the user is trying to retrieve (e.g. public path). Additionally, maybe it's good to update the `webui.robot` to detect the regression. Another question related Ozone security. I saw that in https://ozone.apache.org/docs/edge/security/secureozone.html, S3G seems to support Kerberos auth, but seems it will be rejected in `AuthorizationFilter` since it only support AWS authorization header. Please let me know if I misunderstood the intended behavior / Kerberos concept since I'm quite new to the concept. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
