[jira] [Updated] (HDFS-14434) webhdfs that connect secure hdfs should not use user.name parameter
[ https://issues.apache.org/jira/browse/HDFS-14434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Wei-Chiu Chuang updated HDFS-14434: --- Fix Version/s: 3.2.2 3.1.4 > webhdfs that connect secure hdfs should not use user.name parameter > --- > > Key: HDFS-14434 > URL: https://issues.apache.org/jira/browse/HDFS-14434 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 3.1.2 >Reporter: KWON BYUNGCHANG >Assignee: KWON BYUNGCHANG >Priority: Minor > Fix For: 3.3.0, 3.1.4, 3.2.2 > > Attachments: HDFS-14434.001.patch, HDFS-14434.002.patch, > HDFS-14434.003.patch, HDFS-14434.004.patch, HDFS-14434.005.patch, > HDFS-14434.006.patch, HDFS-14434.007.patch, HDFS-14434.008.patch > > > I have two secure hadoop cluster. Both cluster use cross-realm > authentication. > [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm > by the way, hadoop username of use...@a.com in B.COM realm is > cross_realm_a_com_user_a. > hdfs dfs command of use...@a.com using B.COM webhdfs failed. > root cause is webhdfs that connect secure hdfs use user.name parameter. > according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs > use SPNEGO for authentication. > I think webhdfs that connect secure hdfs should not use user.name parameter. > I will attach patch. > below is error log > > {noformat} > $ hdfs dfs -ls webhdfs://b.com:50070/ > ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a > > # user.name in cross realm webhdfs > $ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' > {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: java.io.IOException: Usernames not > matched: name=user_a != expected=cross_realm_a_com_user_a"}} > # USE SPNEGO > $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN' > {"Token"{"urlString":"XgA."}} > > {noformat} > > > > > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-14434) webhdfs that connect secure hdfs should not use user.name parameter
[ https://issues.apache.org/jira/browse/HDFS-14434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eric Yang updated HDFS-14434: - Resolution: Fixed Fix Version/s: 3.3.0 Status: Resolved (was: Patch Available) +1 on patch 008. I just committed this to trunk. > webhdfs that connect secure hdfs should not use user.name parameter > --- > > Key: HDFS-14434 > URL: https://issues.apache.org/jira/browse/HDFS-14434 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 3.1.2 >Reporter: KWON BYUNGCHANG >Assignee: KWON BYUNGCHANG >Priority: Minor > Fix For: 3.3.0 > > Attachments: HDFS-14434.001.patch, HDFS-14434.002.patch, > HDFS-14434.003.patch, HDFS-14434.004.patch, HDFS-14434.005.patch, > HDFS-14434.006.patch, HDFS-14434.007.patch, HDFS-14434.008.patch > > > I have two secure hadoop cluster. Both cluster use cross-realm > authentication. > [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm > by the way, hadoop username of use...@a.com in B.COM realm is > cross_realm_a_com_user_a. > hdfs dfs command of use...@a.com using B.COM webhdfs failed. > root cause is webhdfs that connect secure hdfs use user.name parameter. > according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs > use SPNEGO for authentication. > I think webhdfs that connect secure hdfs should not use user.name parameter. > I will attach patch. > below is error log > > {noformat} > $ hdfs dfs -ls webhdfs://b.com:50070/ > ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a > > # user.name in cross realm webhdfs > $ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' > {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: java.io.IOException: Usernames not > matched: name=user_a != expected=cross_realm_a_com_user_a"}} > # USE SPNEGO > $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN' > {"Token"{"urlString":"XgA."}} > > {noformat} > > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-14434) webhdfs that connect secure hdfs should not use user.name parameter
[ https://issues.apache.org/jira/browse/HDFS-14434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] KWON BYUNGCHANG updated HDFS-14434: --- Attachment: HDFS-14434.008.patch > webhdfs that connect secure hdfs should not use user.name parameter > --- > > Key: HDFS-14434 > URL: https://issues.apache.org/jira/browse/HDFS-14434 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 3.1.2 >Reporter: KWON BYUNGCHANG >Assignee: KWON BYUNGCHANG >Priority: Minor > Attachments: HDFS-14434.001.patch, HDFS-14434.002.patch, > HDFS-14434.003.patch, HDFS-14434.004.patch, HDFS-14434.005.patch, > HDFS-14434.006.patch, HDFS-14434.007.patch, HDFS-14434.008.patch > > > I have two secure hadoop cluster. Both cluster use cross-realm > authentication. > [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm > by the way, hadoop username of use...@a.com in B.COM realm is > cross_realm_a_com_user_a. > hdfs dfs command of use...@a.com using B.COM webhdfs failed. > root cause is webhdfs that connect secure hdfs use user.name parameter. > according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs > use SPNEGO for authentication. > I think webhdfs that connect secure hdfs should not use user.name parameter. > I will attach patch. > below is error log > > {noformat} > $ hdfs dfs -ls webhdfs://b.com:50070/ > ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a > > # user.name in cross realm webhdfs > $ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' > {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: java.io.IOException: Usernames not > matched: name=user_a != expected=cross_realm_a_com_user_a"}} > # USE SPNEGO > $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN' > {"Token"{"urlString":"XgA."}} > > {noformat} > > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-14434) webhdfs that connect secure hdfs should not use user.name parameter
[ https://issues.apache.org/jira/browse/HDFS-14434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] KWON BYUNGCHANG updated HDFS-14434: --- Attachment: HDFS-14434.007.patch > webhdfs that connect secure hdfs should not use user.name parameter > --- > > Key: HDFS-14434 > URL: https://issues.apache.org/jira/browse/HDFS-14434 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 3.1.2 >Reporter: KWON BYUNGCHANG >Assignee: KWON BYUNGCHANG >Priority: Minor > Attachments: HDFS-14434.001.patch, HDFS-14434.002.patch, > HDFS-14434.003.patch, HDFS-14434.004.patch, HDFS-14434.005.patch, > HDFS-14434.006.patch, HDFS-14434.007.patch > > > I have two secure hadoop cluster. Both cluster use cross-realm > authentication. > [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm > by the way, hadoop username of use...@a.com in B.COM realm is > cross_realm_a_com_user_a. > hdfs dfs command of use...@a.com using B.COM webhdfs failed. > root cause is webhdfs that connect secure hdfs use user.name parameter. > according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs > use SPNEGO for authentication. > I think webhdfs that connect secure hdfs should not use user.name parameter. > I will attach patch. > below is error log > > {noformat} > $ hdfs dfs -ls webhdfs://b.com:50070/ > ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a > > # user.name in cross realm webhdfs > $ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' > {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: java.io.IOException: Usernames not > matched: name=user_a != expected=cross_realm_a_com_user_a"}} > # USE SPNEGO > $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN' > {"Token"{"urlString":"XgA."}} > > {noformat} > > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-14434) webhdfs that connect secure hdfs should not use user.name parameter
[ https://issues.apache.org/jira/browse/HDFS-14434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] KWON BYUNGCHANG updated HDFS-14434: --- Attachment: HDFS-14434.006.patch > webhdfs that connect secure hdfs should not use user.name parameter > --- > > Key: HDFS-14434 > URL: https://issues.apache.org/jira/browse/HDFS-14434 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 3.1.2 >Reporter: KWON BYUNGCHANG >Assignee: KWON BYUNGCHANG >Priority: Minor > Attachments: HDFS-14434.001.patch, HDFS-14434.002.patch, > HDFS-14434.003.patch, HDFS-14434.004.patch, HDFS-14434.005.patch, > HDFS-14434.006.patch > > > I have two secure hadoop cluster. Both cluster use cross-realm > authentication. > [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm > by the way, hadoop username of use...@a.com in B.COM realm is > cross_realm_a_com_user_a. > hdfs dfs command of use...@a.com using B.COM webhdfs failed. > root cause is webhdfs that connect secure hdfs use user.name parameter. > according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs > use SPNEGO for authentication. > I think webhdfs that connect secure hdfs should not use user.name parameter. > I will attach patch. > below is error log > > {noformat} > $ hdfs dfs -ls webhdfs://b.com:50070/ > ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a > > # user.name in cross realm webhdfs > $ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' > {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: java.io.IOException: Usernames not > matched: name=user_a != expected=cross_realm_a_com_user_a"}} > # USE SPNEGO > $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN' > {"Token"{"urlString":"XgA."}} > > {noformat} > > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-14434) webhdfs that connect secure hdfs should not use user.name parameter
[ https://issues.apache.org/jira/browse/HDFS-14434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] KWON BYUNGCHANG updated HDFS-14434: --- Attachment: HDFS-14434.005.patch > webhdfs that connect secure hdfs should not use user.name parameter > --- > > Key: HDFS-14434 > URL: https://issues.apache.org/jira/browse/HDFS-14434 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 3.1.2 >Reporter: KWON BYUNGCHANG >Assignee: KWON BYUNGCHANG >Priority: Minor > Attachments: HDFS-14434.001.patch, HDFS-14434.002.patch, > HDFS-14434.003.patch, HDFS-14434.004.patch, HDFS-14434.005.patch > > > I have two secure hadoop cluster. Both cluster use cross-realm > authentication. > [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm > by the way, hadoop username of use...@a.com in B.COM realm is > cross_realm_a_com_user_a. > hdfs dfs command of use...@a.com using B.COM webhdfs failed. > root cause is webhdfs that connect secure hdfs use user.name parameter. > according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs > use SPNEGO for authentication. > I think webhdfs that connect secure hdfs should not use user.name parameter. > I will attach patch. > below is error log > > {noformat} > $ hdfs dfs -ls webhdfs://b.com:50070/ > ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a > > # user.name in cross realm webhdfs > $ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' > {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: java.io.IOException: Usernames not > matched: name=user_a != expected=cross_realm_a_com_user_a"}} > # USE SPNEGO > $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN' > {"Token"{"urlString":"XgA."}} > > {noformat} > > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-14434) webhdfs that connect secure hdfs should not use user.name parameter
[ https://issues.apache.org/jira/browse/HDFS-14434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] KWON BYUNGCHANG updated HDFS-14434: --- Attachment: HDFS-14434.004.patch > webhdfs that connect secure hdfs should not use user.name parameter > --- > > Key: HDFS-14434 > URL: https://issues.apache.org/jira/browse/HDFS-14434 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 3.1.2 >Reporter: KWON BYUNGCHANG >Assignee: KWON BYUNGCHANG >Priority: Minor > Attachments: HDFS-14434.001.patch, HDFS-14434.002.patch, > HDFS-14434.003.patch, HDFS-14434.004.patch > > > I have two secure hadoop cluster. Both cluster use cross-realm > authentication. > [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm > by the way, hadoop username of use...@a.com in B.COM realm is > cross_realm_a_com_user_a. > hdfs dfs command of use...@a.com using B.COM webhdfs failed. > root cause is webhdfs that connect secure hdfs use user.name parameter. > according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs > use SPNEGO for authentication. > I think webhdfs that connect secure hdfs should not use user.name parameter. > I will attach patch. > below is error log > > {noformat} > $ hdfs dfs -ls webhdfs://b.com:50070/ > ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a > > # user.name in cross realm webhdfs > $ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' > {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: java.io.IOException: Usernames not > matched: name=user_a != expected=cross_realm_a_com_user_a"}} > # USE SPNEGO > $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN' > {"Token"{"urlString":"XgA."}} > > {noformat} > > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-14434) webhdfs that connect secure hdfs should not use user.name parameter
[ https://issues.apache.org/jira/browse/HDFS-14434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] KWON BYUNGCHANG updated HDFS-14434: --- Attachment: HDFS-14434.003.patch > webhdfs that connect secure hdfs should not use user.name parameter > --- > > Key: HDFS-14434 > URL: https://issues.apache.org/jira/browse/HDFS-14434 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 3.1.2 >Reporter: KWON BYUNGCHANG >Assignee: KWON BYUNGCHANG >Priority: Minor > Attachments: HDFS-14434.001.patch, HDFS-14434.002.patch, > HDFS-14434.003.patch > > > I have two secure hadoop cluster. Both cluster use cross-realm > authentication. > [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm > by the way, hadoop username of use...@a.com in B.COM realm is > cross_realm_a_com_user_a. > hdfs dfs command of use...@a.com using B.COM webhdfs failed. > root cause is webhdfs that connect secure hdfs use user.name parameter. > according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs > use SPNEGO for authentication. > I think webhdfs that connect secure hdfs should not use user.name parameter. > I will attach patch. > below is error log > > {noformat} > $ hdfs dfs -ls webhdfs://b.com:50070/ > ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a > > # user.name in cross realm webhdfs > $ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' > {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: java.io.IOException: Usernames not > matched: name=user_a != expected=cross_realm_a_com_user_a"}} > # USE SPNEGO > $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN' > {"Token"{"urlString":"XgA."}} > > {noformat} > > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-14434) webhdfs that connect secure hdfs should not use user.name parameter
[ https://issues.apache.org/jira/browse/HDFS-14434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] KWON BYUNGCHANG updated HDFS-14434: --- Attachment: HDFS-14434.002.patch > webhdfs that connect secure hdfs should not use user.name parameter > --- > > Key: HDFS-14434 > URL: https://issues.apache.org/jira/browse/HDFS-14434 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 3.1.2 >Reporter: KWON BYUNGCHANG >Priority: Minor > Attachments: HDFS-14434.001.patch, HDFS-14434.002.patch > > > I have two secure hadoop cluster. Both cluster use cross-realm > authentication. > [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm > by the way, hadoop username of use...@a.com in B.COM realm is > cross_realm_a_com_user_a. > hdfs dfs command of use...@a.com using B.COM webhdfs failed. > root cause is webhdfs that connect secure hdfs use user.name parameter. > according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs > use SPNEGO for authentication. > I think webhdfs that connect secure hdfs should not use user.name parameter. > I will attach patch. > below is error log > > {noformat} > $ hdfs dfs -ls webhdfs://b.com:50070/ > ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a > > # user.name in cross realm webhdfs > $ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' > {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: java.io.IOException: Usernames not > matched: name=user_a != expected=cross_realm_a_com_user_a"}} > # USE SPNEGO > $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN' > {"Token"{"urlString":"XgA."}} > > {noformat} > > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-14434) webhdfs that connect secure hdfs should not use user.name parameter
[ https://issues.apache.org/jira/browse/HDFS-14434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] KWON BYUNGCHANG updated HDFS-14434: --- Attachment: HDFS-14434.001.patch > webhdfs that connect secure hdfs should not use user.name parameter > --- > > Key: HDFS-14434 > URL: https://issues.apache.org/jira/browse/HDFS-14434 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 3.1.2 >Reporter: KWON BYUNGCHANG >Priority: Minor > Attachments: HDFS-14434.001.patch > > > I have two secure hadoop cluster. Both cluster use cross-realm > authentication. > [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm > by the way, hadoop username of use...@a.com in B.COM realm is > cross_realm_a_com_user_a. > hdfs dfs command of use...@a.com using B.COM webhdfs failed. > root cause is webhdfs that connect secure hdfs use user.name parameter. > according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs > use SPNEGO for authentication. > I think webhdfs that connect secure hdfs should not use user.name parameter. > I will attach patch. > below is error log > > {noformat} > $ hdfs dfs -ls webhdfs://b.com:50070/ > ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a > > # user.name in cross realm webhdfs > $ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' > {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: java.io.IOException: Usernames not > matched: name=user_a != expected=cross_realm_a_com_user_a"}} > # USE SPNEGO > $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN' > {"Token"{"urlString":"XgA."}} > > {noformat} > > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-14434) webhdfs that connect secure hdfs should not use user.name parameter
[ https://issues.apache.org/jira/browse/HDFS-14434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] KWON BYUNGCHANG updated HDFS-14434: --- Status: Patch Available (was: Open) > webhdfs that connect secure hdfs should not use user.name parameter > --- > > Key: HDFS-14434 > URL: https://issues.apache.org/jira/browse/HDFS-14434 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 3.1.2 >Reporter: KWON BYUNGCHANG >Priority: Minor > Attachments: HDFS-14434.001.patch > > > I have two secure hadoop cluster. Both cluster use cross-realm > authentication. > [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm > by the way, hadoop username of use...@a.com in B.COM realm is > cross_realm_a_com_user_a. > hdfs dfs command of use...@a.com using B.COM webhdfs failed. > root cause is webhdfs that connect secure hdfs use user.name parameter. > according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs > use SPNEGO for authentication. > I think webhdfs that connect secure hdfs should not use user.name parameter. > I will attach patch. > below is error log > > {noformat} > $ hdfs dfs -ls webhdfs://b.com:50070/ > ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a > > # user.name in cross realm webhdfs > $ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' > {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: java.io.IOException: Usernames not > matched: name=user_a != expected=cross_realm_a_com_user_a"}} > # USE SPNEGO > $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN' > {"Token"{"urlString":"XgA."}} > > {noformat} > > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-14434) webhdfs that connect secure hdfs should not use user.name parameter
[ https://issues.apache.org/jira/browse/HDFS-14434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] KWON BYUNGCHANG updated HDFS-14434: --- Description: I have two secure hadoop cluster. Both cluster use cross-realm authentication. [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm by the way, hadoop username of use...@a.com in B.COM realm is cross_realm_a_com_user_a. hdfs dfs command of use...@a.com using B.COM webhdfs failed. root cause is webhdfs that connect secure hdfs use user.name parameter. according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs use SPNEGO for authentication. I think webhdfs that connect secure hdfs should not use user.name parameter. I will attach patch. below is error log {noformat} $ hdfs dfs -ls webhdfs://b.com:50070/ ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a # user.name in cross realm webhdfs $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a"}} # USE SPNEGO $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN' {"Token"{"urlString":"XgA."}} {noformat} was: I have two secure hadoop cluster. Both cluster use cross-realm authentication. [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm by the way, hadoop username of use...@a.com in B.COM realm is cross_realm_a_com_user_a. hdfs dfs command of use...@a.com using B.COM webhdfs failed. $ hdfs dfs -ls webhdfs://b.com:50070/ {{ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a}} $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' {{{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a" {{$ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN'}} {{{"Token"{"urlString":"XgA." root cause is webhdfs that connect secure hdfs use user.name parameter. according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs use SPNEGO for authentication. I think webhdfs that connect secure hdfs should not use user.name parameter. I will attach patch. > webhdfs that connect secure hdfs should not use user.name parameter > --- > > Key: HDFS-14434 > URL: https://issues.apache.org/jira/browse/HDFS-14434 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 3.1.2 >Reporter: KWON BYUNGCHANG >Priority: Minor > > I have two secure hadoop cluster. Both cluster use cross-realm > authentication. > [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm > by the way, hadoop username of use...@a.com in B.COM realm is > cross_realm_a_com_user_a. > hdfs dfs command of use...@a.com using B.COM webhdfs failed. > root cause is webhdfs that connect secure hdfs use user.name parameter. > according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs > use SPNEGO for authentication. > I think webhdfs that connect secure hdfs should not use user.name parameter. > I will attach patch. > below is error log > > {noformat} > $ hdfs dfs -ls webhdfs://b.com:50070/ > ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a > > # user.name in cross realm webhdfs > $ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' > {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: java.io.IOException: Usernames not > matched: name=user_a != expected=cross_realm_a_com_user_a"}} > # USE SPNEGO > $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN' > {"Token"{"urlString":"XgA."}} > > {noformat} > > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-14434) webhdfs that connect secure hdfs should not use user.name parameter
[ https://issues.apache.org/jira/browse/HDFS-14434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] KWON BYUNGCHANG updated HDFS-14434: --- Description: I have two secure hadoop cluster. Both cluster use cross-realm authentication. [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm by the way, hadoop username of use...@a.com in B.COM realm is cross_realm_a_com_user_a. hdfs dfs command of use...@a.com using B.COM webhdfs failed. $ hdfs dfs -ls webhdfs://b.com:50070/ {{ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a}} $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' {{{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a" {{$ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN'}} {{{"Token"{"urlString":"XgA." root cause is webhdfs that connect secure hdfs use user.name parameter. according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs use SPNEGO for authentication. I think webhdfs that connect secure hdfs should not use user.name parameter. I will attach patch. was: I have two secure hadoop cluster. Both cluster use cross-realm authentication. [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm by the way, hadoop username of use...@a.com in B.COM realm is cross_realm_a_com_user_a. hdfs dfs command of use...@a.com using B.COM webhdfs failed. $ hdfs dfs -ls webhdfs://b.com:50070/ {{ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_usera}} $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' {{{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a" {{$ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN'}} {{{"Token"{"urlString":"XgA." root cause is webhdfs that connect secure hdfs use user.name parameter. according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs use SPNEGO for authentication. I think webhdfs that connect secure hdfs should not use user.name parameter. I will attach patch. > webhdfs that connect secure hdfs should not use user.name parameter > --- > > Key: HDFS-14434 > URL: https://issues.apache.org/jira/browse/HDFS-14434 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 3.1.2 >Reporter: KWON BYUNGCHANG >Priority: Minor > > I have two secure hadoop cluster. Both cluster use cross-realm > authentication. > [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm > by the way, hadoop username of use...@a.com in B.COM realm is > cross_realm_a_com_user_a. > hdfs dfs command of use...@a.com using B.COM webhdfs failed. > > $ hdfs dfs -ls webhdfs://b.com:50070/ > {{ls: Usernames not matched: name=user_a != > expected=cross_realm_a_com_user_a}} > > $ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' > {{{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: java.io.IOException: Usernames not > matched: name=user_a != expected=cross_realm_a_com_user_a" > > {{$ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN'}} > {{{"Token"{"urlString":"XgA." > > root cause is webhdfs that connect secure hdfs use user.name parameter. > according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs > use SPNEGO for authentication. > > I think webhdfs that connect secure hdfs should not use user.name parameter. > I will attach patch. > > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-14434) webhdfs that connect secure hdfs should not use user.name parameter
[ https://issues.apache.org/jira/browse/HDFS-14434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] KWON BYUNGCHANG updated HDFS-14434: --- Description: I have two secure hadoop cluster. Both cluster use cross-realm authentication. [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm by the way, hadoop username of use...@a.com in B.COM realm is cross_realm_a_com_user_a. hdfs dfs command of use...@a.com using B.COM webhdfs failed. $ hdfs dfs -ls webhdfs://b.com:50070/ {{ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_usera}} $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' {{{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a" {{$ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN'}} {{{"Token"{"urlString":"XgA." root cause is webhdfs that connect secure hdfs use user.name parameter. according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs use SPNEGO for authentication. I think webhdfs that connect secure hdfs should not use user.name parameter. I will attach patch. was: I have two secure hadoop cluster. Both cluster use cross-realm authentication. [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm by the way, hadoop username of use...@a.com in B.COM realm is cross_realm_a_com_user_a. hdfs dfs command of use...@a.com using B.COM webhdfs failed. $ hdfs dfs -ls webhdfs://b.com:50070/ {{ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_usera}} {{$ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' }} {{{"RemoteException":\{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a" {{$ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN'}} {{{"Token"\{"urlString":"XgA." root cause is webhdfs that connect secure hdfs use user.name parameter. according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs use SPNEGO for authentication. I think webhdfs that connect secure hdfs should not use user.name parameter. I will attach patch. > webhdfs that connect secure hdfs should not use user.name parameter > --- > > Key: HDFS-14434 > URL: https://issues.apache.org/jira/browse/HDFS-14434 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs >Affects Versions: 3.1.2 >Reporter: KWON BYUNGCHANG >Priority: Minor > > I have two secure hadoop cluster. Both cluster use cross-realm > authentication. > [use...@a.com|mailto:use...@a.com] can access to HDFS of B.COM realm > by the way, hadoop username of use...@a.com in B.COM realm is > cross_realm_a_com_user_a. > hdfs dfs command of use...@a.com using B.COM webhdfs failed. > > $ hdfs dfs -ls webhdfs://b.com:50070/ > {{ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_usera}} > > $ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' > {{{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: java.io.IOException: Usernames not > matched: name=user_a != expected=cross_realm_a_com_user_a" > > {{$ curl -u : --negotiate > 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN'}} > {{{"Token"{"urlString":"XgA." > > root cause is webhdfs that connect secure hdfs use user.name parameter. > according to webhdfs spec, insecure webhdfs use user.name, secure webhdfs > use SPNEGO for authentication. > > I think webhdfs that connect secure hdfs should not use user.name parameter. > I will attach patch. > > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org