[ 
https://issues.apache.org/jira/browse/HDDS-4041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17166233#comment-17166233
 ] 

Xiaoyu Yao commented on HDDS-4041:
----------------------------------

The root cause is that the default /conf servlet has been overwritten by Ozone but the 
authentication filter has been attached twice, which triggers the Kerberos 
replay error. 

The fix is to remove the previously attached filter, as we have done to remove 
the previously defined servlet for the same path spec "conf". 

> Ozone /conf endpoint trigger kerberos replay error when SPNEGO is enabled 
> --------------------------------------------------------------------------
>
>                 Key: HDDS-4041
>                 URL: https://issues.apache.org/jira/browse/HDDS-4041
>             Project: Hadoop Distributed Data Store
>          Issue Type: Bug
>            Reporter: Nilotpal Nandi
>            Assignee: Xiaoyu Yao
>            Priority: Major
>
> {code}
> curl  -k --negotiate -X GET -u : 
> "https://quasar-jsajkc-8.quasar-jsajkc.root.hwx.site:9877/conf";
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> <title>Error 403 GSSException: Failure unspecified at GSS-API level 
> (Mechanism level: Request is a replay (34))</title>
> </head>
> <body><h2>HTTP ERROR 403 GSSException: Failure unspecified at GSS-API level 
> (Mechanism level: Request is a replay (34))</h2>
> <table>
> <tr><th>URI:</th><td>/conf</td></tr>
> <tr><th>STATUS:</th><td>403</td></tr>
> <tr><th>MESSAGE:</th><td>GSSException: Failure unspecified at GSS-API level 
> (Mechanism level: Request is a replay (34))</td></tr>
> <tr><th>SERVLET:</th><td>conf</td></tr>
> </table>
> </body>
> </html>
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
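
An added illustration, not part of the original message and not Ozone, Hadoop or Jetty code: a simplified Java model of why running the authentication filter twice on one request yields the replay error, and why a single attachment does not. All class names are hypothetical, and the model assumes each Negotiate token may be accepted only once by the service's replay cache.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Simplified model with hypothetical names; it does not use any Hadoop or Jetty API.
public class DuplicateAuthFilterDemo {

    /** Stand-in for the acceptor's replay cache: a token may be accepted once. */
    static final class ReplayCache {
        private final Set<String> seen = new HashSet<>();

        void accept(String token) {
            if (!seen.add(token)) {
                throw new IllegalStateException("Request is a replay (34)");
            }
        }
    }

    /** Stand-in for a SPNEGO authentication filter validating the Negotiate token. */
    static final class AuthFilter {
        private final ReplayCache cache;

        AuthFilter(ReplayCache cache) { this.cache = cache; }

        void doFilter(String token) { cache.accept(token); }
    }

    /** Passes one request through every filter mapped to the path; returns the HTTP status. */
    static int handle(List<AuthFilter> chain, String token) {
        try {
            for (AuthFilter filter : chain) {
                filter.doFilter(token);
            }
            return 200;
        } catch (IllegalStateException replay) {
            return 403;
        }
    }

    public static void main(String[] args) {
        AuthFilter spnego = new AuthFilter(new ReplayCache());

        // Servlet for "conf" was replaced, but the filter mapping was added a second time.
        int twice = handle(List.of(spnego, spnego), "constructed-token-1");
        // Earlier mapping removed before re-attaching, so the token is validated once.
        int once = handle(List.of(spnego), "constructed-token-2");

        System.out.println("filter attached twice -> HTTP " + twice);
        System.out.println("filter attached once  -> HTTP " + once);
    }
}
```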
