[
https://issues.apache.org/jira/browse/OOZIE-77?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13156806#comment-13156806
]
[email protected] commented on OOZIE-77:
----------------------------------------------------
bq. On 2011-11-24 01:42:37, Angelo K. Huang wrote:
bq. > /trunk/core/pom.xml, line 225
bq. > <https://reviews.apache.org/r/2875/diff/2/?file=59621#file59621line225>
bq. >
bq. > why u need log4j at compile?
This is not log4j (which Oozie has already at compile time) but the slf4j log4j
adapter which is used by Hadoop-auth (alfredo) server side and specified as
optional dependency in its POM (optional because the client side does not uses
it).
bq. On 2011-11-24 01:42:37, Angelo K. Huang wrote:
bq. > /trunk/core/src/main/resources/oozie-default.xml, line 1407
bq. > <https://reviews.apache.org/r/2875/diff/2/?file=59625#file59625line1407>
bq. >
bq. > same here
answered in the previous comment.
bq. On 2011-11-24 01:42:37, Angelo K. Huang wrote:
bq. > /trunk/core/src/main/conf/oozie-site.xml, line 249
bq. > <https://reviews.apache.org/r/2875/diff/2/?file=59623#file59623line249>
bq. >
bq. > how to describe Oozie supports multiple auths?
simple & kerberos are aliases for the out of the box supported authentication
mechanisms. If you have a custom one you specify here the class of your
AuthenticationHandler.
How you specify multiple? It is the responsibility fo the AuthenticationHandler
to do so. You can have an implementation that is a multiplexor of other
AuthenticationHandlers if you need to.
bq. On 2011-11-24 01:42:37, Angelo K. Huang wrote:
bq. > /trunk/docs/src/site/twiki/AG_Install.twiki, line 200
bq. > <https://reviews.apache.org/r/2875/diff/2/?file=59628#file59628line200>
bq. >
bq. > Can server supports both at same time?
No with the current implementation, supporting simple and Kerberos at the same
time does not make sense.
But if you want to support Kerberos and some other (ie) LDAP authentication
mechanism, then you could write a AuthenticationHandler multiplexor that probes
the request with the different AuthenticationHandlers it has until one says
that it validates the request or all fail.
bq. On 2011-11-24 01:42:37, Angelo K. Huang wrote:
bq. > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 92
bq. > <https://reviews.apache.org/r/2875/diff/2/?file=59629#file59629line92>
bq. >
bq. > We should let user decide what kind of auth he/she wants to use. Ex.
bq. >
bq. > -auth simple
bq. > -auth kerberos
The client does not decide the authentication of the server.
For example, out of the box the client handles both kerberos and simple and it
will do what the server responds.
If you see the KerberosAuthenticator implementation delegates to the
SimpleAuthenticator.
If you have a custom mechanism you could do the same, delegating to
KerberosAuthenticator which in turn will delegate to SimpleAuthenticator.
- Alejandro
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2875/#review3498
-----------------------------------------------------------
On 2011-11-21 21:15:10, Alejandro Abdelnur wrote:
bq.
bq. -----------------------------------------------------------
bq. This is an automatically generated e-mail. To reply, visit:
bq. https://reviews.apache.org/r/2875/
bq. -----------------------------------------------------------
bq.
bq. (Updated 2011-11-21 21:15:10)
bq.
bq.
bq. Review request for oozie.
bq.
bq.
bq. Summary
bq. -------
bq.
bq. Using hadoop-auth (Alfredo) 0.23.0.
bq.
bq. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to
Apache Maven repo yet.
bq.
bq.
bq. This addresses bug OOZIE-77.
bq. https://issues.apache.org/jira/browse/OOZIE-77
bq.
bq.
bq. Diffs
bq. -----
bq.
bq. /trunk/client/pom.xml 1204710
bq. /trunk/client/src/main/bin/oozie 1204710
bq. /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1204710
bq. /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java
PRE-CREATION
bq. /trunk/core/pom.xml 1204710
bq. /trunk/core/src/main/conf/oozie-log4j.properties 1204710
bq. /trunk/core/src/main/conf/oozie-site.xml 1204710
bq. /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java
PRE-CREATION
bq. /trunk/core/src/main/resources/oozie-default.xml 1204710
bq.
/trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java
1204710
bq.
/trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java
PRE-CREATION
bq. /trunk/docs/src/site/twiki/AG_Install.twiki 1204710
bq. /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1204710
bq. /trunk/pom.xml 1204710
bq. /trunk/webapp/pom.xml 1204710
bq. /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1204710
bq.
bq. Diff: https://reviews.apache.org/r/2875/diff
bq.
bq.
bq. Testing
bq. -------
bq.
bq.
bq. Thanks,
bq.
bq. Alejandro
bq.
bq.
> Oozie should support Kerberos authentication on its HTTP REST API
> -----------------------------------------------------------------
>
> Key: OOZIE-77
> URL: https://issues.apache.org/jira/browse/OOZIE-77
> Project: Oozie
> Issue Type: Bug
> Reporter: Hadoop QA
> Assignee: Roman Shaposhnik
>
> Original Issue: GH-35
> The correct way of doing this would be using an SPNEGO filter on the server
> side.
> Ideally authentication should be plugglable, allowing support for cookie
> based auth, certs, etc.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
