[
https://issues.apache.org/jira/browse/OOZIE-77?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13154519#comment-13154519
]
[email protected] commented on OOZIE-77:
----------------------------------------------------
bq. On 2011-11-19 07:26:00, Mohammad Islam wrote:
bq. > Mostly want to know how that impact our internal auth. What types of
modifications are needed?
Mohammad, Y! internal auth is not part of Apache Oozie codebase, thus I cannot
say anything in detail.
What can I say is that you'll have to implement a client and a server handler
for Y! internal authentication. Note that the client/server handler interfaces
are very similar to the ones in the patch that Angelo posted in GH last year.
If you have such code implemented internal, I would guess the refactoring to
use this patch is minimal.
bq. On 2011-11-19 07:26:00, Mohammad Islam wrote:
bq. > /trunk/docs/src/site/twiki/AG_Install.twiki, line 189
bq. > <https://reviews.apache.org/r/2875/diff/1/?file=59215#file59215line189>
bq. >
bq. > would you pls explain that?
this is incorrect, i'll remove.
bq. On 2011-11-19 07:26:00, Mohammad Islam wrote:
bq. > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 94
bq. > <https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line94>
bq. >
bq. > typo "i" -> in
will fix
bq. On 2011-11-19 07:26:00, Mohammad Islam wrote:
bq. > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 97
bq. > <https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line97>
bq. >
bq. > what is the important/value of 'simple' auth?
pseudo/simple auth is the current mechanim that provides no real
authentication, it just propagates the username in the current OS
bq. On 2011-11-19 07:26:00, Mohammad Islam wrote:
bq. > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 103
bq. > <https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line103>
bq. >
bq. > Can you please elaborate on this? We wonder if it will break our
current authentication.
As mentioned above, you can implement/configure additional client/server
'handlers' for different authentication mechanism.
bq. On 2011-11-19 07:26:00, Mohammad Islam wrote:
bq. > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 105
bq. > <https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line105>
bq. >
bq. > what is the default option? It is better if current user doesn't
need to set any extra parameter
The default option is kerberos, but kerberos falls back to simple.
If you are using a custom/internal handler, you could modify the oozie shell
script to see your handler classname, thus making it transparent to your users.
- Alejandro
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2875/#review3372
-----------------------------------------------------------
On 2011-11-17 22:15:27, Alejandro Abdelnur wrote:
bq.
bq. -----------------------------------------------------------
bq. This is an automatically generated e-mail. To reply, visit:
bq. https://reviews.apache.org/r/2875/
bq. -----------------------------------------------------------
bq.
bq. (Updated 2011-11-17 22:15:27)
bq.
bq.
bq. Review request for oozie.
bq.
bq.
bq. Summary
bq. -------
bq.
bq. Using hadoop-auth (Alfredo) 0.23.0.
bq.
bq. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to
Apache Maven repo yet.
bq.
bq.
bq. This addresses bug OOZIE-77.
bq. https://issues.apache.org/jira/browse/OOZIE-77
bq.
bq.
bq. Diffs
bq. -----
bq.
bq. /trunk/client/pom.xml 1203392
bq. /trunk/client/src/main/bin/oozie 1203392
bq. /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1203392
bq. /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java
PRE-CREATION
bq. /trunk/core/pom.xml 1203392
bq. /trunk/core/src/main/conf/oozie-log4j.properties 1203392
bq. /trunk/core/src/main/conf/oozie-site.xml 1203392
bq. /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java
PRE-CREATION
bq. /trunk/core/src/main/resources/oozie-default.xml 1203392
bq.
/trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java
1203392
bq.
/trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java
PRE-CREATION
bq. /trunk/docs/src/site/twiki/AG_Install.twiki 1203392
bq. /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1203392
bq. /trunk/pom.xml 1203392
bq. /trunk/webapp/pom.xml 1203392
bq. /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1203392
bq.
bq. Diff: https://reviews.apache.org/r/2875/diff
bq.
bq.
bq. Testing
bq. -------
bq.
bq.
bq. Thanks,
bq.
bq. Alejandro
bq.
bq.
> GH-35: Oozie should support Kerberos authentication on its HTTP REST API
> ------------------------------------------------------------------------
>
> Key: OOZIE-77
> URL: https://issues.apache.org/jira/browse/OOZIE-77
> Project: Oozie
> Issue Type: Bug
> Reporter: Hadoop QA
> Assignee: Roman Shaposhnik
>
> The correct way of doing this would be using an SPNEGO filter on the server
> side.
> Ideally authentication should be plugglable, allowing support for cookie
> based auth, certs, etc.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
