[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Junping Du updated YARN-4006: - Target Version/s: 2.9.0 (was: 2.8.2) > YARN ATS Alternate Kerberos HTTP Authentication Changes > --- > > Key: YARN-4006 > URL: https://issues.apache.org/jira/browse/YARN-4006 > Project: Hadoop YARN > Issue Type: Improvement > Components: security, timelineserver >Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.5.1, 2.6.1, 2.8.0, 2.7.1, 2.7.2 >Reporter: Greg Senia >Priority: Blocker > Attachments: sample-ats-alt-auth.patch, YARN-4006-branch2.6.0.patch, > YARN-4006-branch-trunk.patch > > > When attempting to use The Hadoop Alternate Authentication Classes. They do > not exactly work with what was built with YARN-1935. > I went ahead and made the following changes to support using a Custom > AltKerberos DelegationToken custom class. > Changes to: TimelineAuthenticationFilterInitializer.class > {code} >String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); > LOG.info("AuthType Configured: "+authType); > if (authType.equals(PseudoAuthenticationHandler.TYPE)) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > PseudoDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler"); > } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || > (UserGroupInformation.isSecurityEnabled() && > conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE))) > { > if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > authType); > LOG.info("AuthType: "+authType); > } else { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > KerberosDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler"); > } > // Resolve _HOST into bind address > String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); > String principal = > filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); > if (principal != null) { > try { > principal = SecurityUtil.getServerPrincipal(principal, bindAddress); > } catch (IOException ex) { > throw new RuntimeException( > "Could not resolve Kerberos principal name: " + ex.toString(), > ex); > } > filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, > principal); > } > } > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Junping Du updated YARN-4006: - Target Version/s: 2.8.2 (was: 2.8.1) > YARN ATS Alternate Kerberos HTTP Authentication Changes > --- > > Key: YARN-4006 > URL: https://issues.apache.org/jira/browse/YARN-4006 > Project: Hadoop YARN > Issue Type: Improvement > Components: security, timelineserver >Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.5.1, 2.6.1, 2.8.0, 2.7.1, 2.7.2 >Reporter: Greg Senia >Priority: Blocker > Attachments: sample-ats-alt-auth.patch, YARN-4006-branch2.6.0.patch, > YARN-4006-branch-trunk.patch > > > When attempting to use The Hadoop Alternate Authentication Classes. They do > not exactly work with what was built with YARN-1935. > I went ahead and made the following changes to support using a Custom > AltKerberos DelegationToken custom class. > Changes to: TimelineAuthenticationFilterInitializer.class > {code} >String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); > LOG.info("AuthType Configured: "+authType); > if (authType.equals(PseudoAuthenticationHandler.TYPE)) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > PseudoDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler"); > } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || > (UserGroupInformation.isSecurityEnabled() && > conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE))) > { > if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > authType); > LOG.info("AuthType: "+authType); > } else { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > KerberosDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler"); > } > // Resolve _HOST into bind address > String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); > String principal = > filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); > if (principal != null) { > try { > principal = SecurityUtil.getServerPrincipal(principal, bindAddress); > } catch (IOException ex) { > throw new RuntimeException( > "Could not resolve Kerberos principal name: " + ex.toString(), > ex); > } > filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, > principal); > } > } > {code} -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Greg Senia updated YARN-4006: - Assignee: (was: Greg Senia) > YARN ATS Alternate Kerberos HTTP Authentication Changes > --- > > Key: YARN-4006 > URL: https://issues.apache.org/jira/browse/YARN-4006 > Project: Hadoop YARN > Issue Type: Improvement > Components: security, timelineserver >Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.5.1, 2.6.1, 2.8.0, 2.7.1, 2.7.2 >Reporter: Greg Senia >Priority: Blocker > Attachments: YARN-4006-branch-trunk.patch, > YARN-4006-branch2.6.0.patch, sample-ats-alt-auth.patch > > > When attempting to use The Hadoop Alternate Authentication Classes. They do > not exactly work with what was built with YARN-1935. > I went ahead and made the following changes to support using a Custom > AltKerberos DelegationToken custom class. > Changes to: TimelineAuthenticationFilterInitializer.class > {code} >String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); > LOG.info("AuthType Configured: "+authType); > if (authType.equals(PseudoAuthenticationHandler.TYPE)) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > PseudoDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler"); > } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || > (UserGroupInformation.isSecurityEnabled() && > conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE))) > { > if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > authType); > LOG.info("AuthType: "+authType); > } else { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > KerberosDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler"); > } > // Resolve _HOST into bind address > String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); > String principal = > filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); > if (principal != null) { > try { > principal = SecurityUtil.getServerPrincipal(principal, bindAddress); > } catch (IOException ex) { > throw new RuntimeException( > "Could not resolve Kerberos principal name: " + ex.toString(), > ex); > } > filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, > principal); > } > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vinod Kumar Vavilapalli updated YARN-4006: -- Target Version/s: 2.8.1 (was: 2.8.0) Cannot block 2.8.0 release for ever for this. From the comments, it doesn't look like ATS service ever worked with alt-kerberos. It is as such no regression. And the patch doesn't work either per comment above. Given this lack of meaningful progress, I am removing 2.8.0 as a target. That said, if somebody with a good understanding of alt-kerberos and how this is supposed to work end-to-end ([~vvasudev]?) can help push this patch forward, we can get this in 2.8.1. Changing target-version accordingly. > YARN ATS Alternate Kerberos HTTP Authentication Changes > --- > > Key: YARN-4006 > URL: https://issues.apache.org/jira/browse/YARN-4006 > Project: Hadoop YARN > Issue Type: Improvement > Components: security, timelineserver >Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.5.1, 2.6.1, 2.8.0, 2.7.1, 2.7.2 >Reporter: Greg Senia >Assignee: Greg Senia >Priority: Blocker > Attachments: YARN-4006-branch-trunk.patch, > YARN-4006-branch2.6.0.patch, sample-ats-alt-auth.patch > > > When attempting to use The Hadoop Alternate Authentication Classes. They do > not exactly work with what was built with YARN-1935. > I went ahead and made the following changes to support using a Custom > AltKerberos DelegationToken custom class. > Changes to: TimelineAuthenticationFilterInitializer.class > {code} >String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); > LOG.info("AuthType Configured: "+authType); > if (authType.equals(PseudoAuthenticationHandler.TYPE)) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > PseudoDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler"); > } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || > (UserGroupInformation.isSecurityEnabled() && > conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE))) > { > if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > authType); > LOG.info("AuthType: "+authType); > } else { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > KerberosDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler"); > } > // Resolve _HOST into bind address > String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); > String principal = > filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); > if (principal != null) { > try { > principal = SecurityUtil.getServerPrincipal(principal, bindAddress); > } catch (IOException ex) { > throw new RuntimeException( > "Could not resolve Kerberos principal name: " + ex.toString(), > ex); > } > filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, > principal); > } > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Greg Senia updated YARN-4006: - Attachment: sample-ats-alt-auth.patch > YARN ATS Alternate Kerberos HTTP Authentication Changes > --- > > Key: YARN-4006 > URL: https://issues.apache.org/jira/browse/YARN-4006 > Project: Hadoop YARN > Issue Type: Improvement > Components: security, timelineserver >Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.5.1, 2.6.1, 2.8.0, 2.7.1, 2.7.2 >Reporter: Greg Senia >Assignee: Greg Senia >Priority: Blocker > Attachments: YARN-4006-branch-trunk.patch, > YARN-4006-branch2.6.0.patch, sample-ats-alt-auth.patch > > > When attempting to use The Hadoop Alternate Authentication Classes. They do > not exactly work with what was built with YARN-1935. > I went ahead and made the following changes to support using a Custom > AltKerberos DelegationToken custom class. > Changes to: TimelineAuthenticationFilterInitializer.class > {code} >String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); > LOG.info("AuthType Configured: "+authType); > if (authType.equals(PseudoAuthenticationHandler.TYPE)) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > PseudoDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler"); > } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || > (UserGroupInformation.isSecurityEnabled() && > conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE))) > { > if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > authType); > LOG.info("AuthType: "+authType); > } else { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > KerberosDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler"); > } > // Resolve _HOST into bind address > String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); > String principal = > filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); > if (principal != null) { > try { > principal = SecurityUtil.getServerPrincipal(principal, bindAddress); > } catch (IOException ex) { > throw new RuntimeException( > "Could not resolve Kerberos principal name: " + ex.toString(), > ex); > } > filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, > principal); > } > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Allen Wittenauer updated YARN-4006: --- Target Version/s: 3.0.0, 2.8.0 (was: 2.8.0) > YARN ATS Alternate Kerberos HTTP Authentication Changes > --- > > Key: YARN-4006 > URL: https://issues.apache.org/jira/browse/YARN-4006 > Project: Hadoop YARN > Issue Type: Improvement > Components: security, timelineserver >Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.5.1, 2.6.1, 2.8.0, 2.7.1, 2.7.2 >Reporter: Greg Senia >Assignee: Greg Senia >Priority: Blocker > Attachments: YARN-4006-branch-trunk.patch, YARN-4006-branch2.6.0.patch > > > When attempting to use The Hadoop Alternate Authentication Classes. They do > not exactly work with what was built with YARN-1935. > I went ahead and made the following changes to support using a Custom > AltKerberos DelegationToken custom class. > Changes to: TimelineAuthenticationFilterInitializer.class > {code} >String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); > LOG.info("AuthType Configured: "+authType); > if (authType.equals(PseudoAuthenticationHandler.TYPE)) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > PseudoDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler"); > } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || > (UserGroupInformation.isSecurityEnabled() && > conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE))) > { > if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > authType); > LOG.info("AuthType: "+authType); > } else { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > KerberosDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler"); > } > // Resolve _HOST into bind address > String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); > String principal = > filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); > if (principal != null) { > try { > principal = SecurityUtil.getServerPrincipal(principal, bindAddress); > } catch (IOException ex) { > throw new RuntimeException( > "Could not resolve Kerberos principal name: " + ex.toString(), > ex); > } > filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, > principal); > } > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Allen Wittenauer updated YARN-4006: --- Priority: Blocker (was: Major) > YARN ATS Alternate Kerberos HTTP Authentication Changes > --- > > Key: YARN-4006 > URL: https://issues.apache.org/jira/browse/YARN-4006 > Project: Hadoop YARN > Issue Type: Improvement > Components: security, timelineserver >Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.5.1, 2.6.1, 2.8.0, 2.7.1, 2.7.2 >Reporter: Greg Senia >Assignee: Greg Senia >Priority: Blocker > Attachments: YARN-4006-branch-trunk.patch, YARN-4006-branch2.6.0.patch > > > When attempting to use The Hadoop Alternate Authentication Classes. They do > not exactly work with what was built with YARN-1935. > I went ahead and made the following changes to support using a Custom > AltKerberos DelegationToken custom class. > Changes to: TimelineAuthenticationFilterInitializer.class > {code} >String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); > LOG.info("AuthType Configured: "+authType); > if (authType.equals(PseudoAuthenticationHandler.TYPE)) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > PseudoDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler"); > } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || > (UserGroupInformation.isSecurityEnabled() && > conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE))) > { > if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > authType); > LOG.info("AuthType: "+authType); > } else { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > KerberosDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler"); > } > // Resolve _HOST into bind address > String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); > String principal = > filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); > if (principal != null) { > try { > principal = SecurityUtil.getServerPrincipal(principal, bindAddress); > } catch (IOException ex) { > throw new RuntimeException( > "Could not resolve Kerberos principal name: " + ex.toString(), > ex); > } > filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, > principal); > } > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Allen Wittenauer updated YARN-4006: --- Description: When attempting to use The Hadoop Alternate Authentication Classes. They do not exactly work with what was built with YARN-1935. I went ahead and made the following changes to support using a Custom AltKerberos DelegationToken custom class. Changes to: TimelineAuthenticationFilterInitializer.class {code} String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); LOG.info("AuthType Configured: "+authType); if (authType.equals(PseudoAuthenticationHandler.TYPE)) { filterConfig.put(AuthenticationFilter.AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName()); LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler"); } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || (UserGroupInformation.isSecurityEnabled() && conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE))) { if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { filterConfig.put(AuthenticationFilter.AUTH_TYPE, authType); LOG.info("AuthType: "+authType); } else { filterConfig.put(AuthenticationFilter.AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName()); LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler"); } // Resolve _HOST into bind address String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); String principal = filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); if (principal != null) { try { principal = SecurityUtil.getServerPrincipal(principal, bindAddress); } catch (IOException ex) { throw new RuntimeException( "Could not resolve Kerberos principal name: " + ex.toString(), ex); } filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, principal); } } {code} was: When attempting to use The Hadoop Alternate Authentication Classes. They do not exactly work with what was built with https://issues.apache.org/jira/browse/YARN-1935. I went ahead and made the following changes to support using a Custom AltKerberos DelegationToken custom class. Changes to: TimelineAuthenticationFilterInitializer.class {code} String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); LOG.info("AuthType Configured: "+authType); if (authType.equals(PseudoAuthenticationHandler.TYPE)) { filterConfig.put(AuthenticationFilter.AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName()); LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler"); } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || (UserGroupInformation.isSecurityEnabled() && conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE))) { if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { filterConfig.put(AuthenticationFilter.AUTH_TYPE, authType); LOG.info("AuthType: "+authType); } else { filterConfig.put(AuthenticationFilter.AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName()); LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler"); } // Resolve _HOST into bind address String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); String principal = filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); if (principal != null) { try { principal = SecurityUtil.getServerPrincipal(principal, bindAddress); } catch (IOException ex) { throw new RuntimeException( "Could not resolve Kerberos principal name: " + ex.toString(), ex); } filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, principal); } } {code} > YARN ATS Alternate Kerberos HTTP Authentication Changes > --- > > Key: YARN-4006 > URL: https://issues.apache.org/jira/browse/YARN-4006 > Project: Hadoop YARN > Issue Type: Improvement > Components: security, timelineserver >Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.5.1, 2.6.1, 2.8.0, 2.7.1, 2.7.2 >Reporter: Greg Senia >Assignee: Greg Senia > Attachments: YARN-4006-branch-trunk.patch, YARN-4006-branch2.6.0.patch > > > When attempting to use The Hadoop Alternate Authentication Classes. They do > not exactly work with what was built with YARN-1935. > I went ahead and made the following changes to support using a Custom > AltKerberos DelegationToken custom class. > Changes to: TimelineAuthenticationFilterInitializer.class >
[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Greg Senia updated YARN-4006: - Attachment: YARN-4006-branch-trunk.patch Updated to handle an error.. Sample code coming shortly > YARN ATS Alternate Kerberos HTTP Authentication Changes > --- > > Key: YARN-4006 > URL: https://issues.apache.org/jira/browse/YARN-4006 > Project: Hadoop YARN > Issue Type: Improvement > Components: security, timelineserver >Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.5.1, 2.6.1, 2.8.0, 2.7.1, 2.7.2 >Reporter: Greg Senia >Assignee: Greg Senia > Attachments: YARN-4006-branch-trunk.patch, YARN-4006-branch2.6.0.patch > > > When attempting to use The Hadoop Alternate Authentication Classes. They do > not exactly work with what was built with > https://issues.apache.org/jira/browse/YARN-1935. > I went ahead and made the following changes to support using a Custom > AltKerberos DelegationToken custom class. > Changes to: TimelineAuthenticationFilterInitializer.class > {code} >String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); > LOG.info("AuthType Configured: "+authType); > if (authType.equals(PseudoAuthenticationHandler.TYPE)) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > PseudoDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler"); > } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || > (UserGroupInformation.isSecurityEnabled() && > conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE))) > { > if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > authType); > LOG.info("AuthType: "+authType); > } else { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > KerberosDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler"); > } > // Resolve _HOST into bind address > String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); > String principal = > filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); > if (principal != null) { > try { > principal = SecurityUtil.getServerPrincipal(principal, bindAddress); > } catch (IOException ex) { > throw new RuntimeException( > "Could not resolve Kerberos principal name: " + ex.toString(), > ex); > } > filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, > principal); > } > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Greg Senia updated YARN-4006: - Attachment: (was: YARN-4006-branch-trunk.patch) > YARN ATS Alternate Kerberos HTTP Authentication Changes > --- > > Key: YARN-4006 > URL: https://issues.apache.org/jira/browse/YARN-4006 > Project: Hadoop YARN > Issue Type: Improvement > Components: security, timelineserver >Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.5.1, 2.6.1, 2.8.0, 2.7.1, 2.7.2 >Reporter: Greg Senia >Assignee: Greg Senia > Attachments: YARN-4006-branch2.6.0.patch > > > When attempting to use The Hadoop Alternate Authentication Classes. They do > not exactly work with what was built with > https://issues.apache.org/jira/browse/YARN-1935. > I went ahead and made the following changes to support using a Custom > AltKerberos DelegationToken custom class. > Changes to: TimelineAuthenticationFilterInitializer.class > {code} >String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); > LOG.info("AuthType Configured: "+authType); > if (authType.equals(PseudoAuthenticationHandler.TYPE)) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > PseudoDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler"); > } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || > (UserGroupInformation.isSecurityEnabled() && > conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE))) > { > if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > authType); > LOG.info("AuthType: "+authType); > } else { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > KerberosDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler"); > } > // Resolve _HOST into bind address > String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); > String principal = > filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); > if (principal != null) { > try { > principal = SecurityUtil.getServerPrincipal(principal, bindAddress); > } catch (IOException ex) { > throw new RuntimeException( > "Could not resolve Kerberos principal name: " + ex.toString(), > ex); > } > filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, > principal); > } > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vinod Kumar Vavilapalli updated YARN-4006: -- Fix Version/s: (was: 2.8.0) > YARN ATS Alternate Kerberos HTTP Authentication Changes > --- > > Key: YARN-4006 > URL: https://issues.apache.org/jira/browse/YARN-4006 > Project: Hadoop YARN > Issue Type: Improvement > Components: security, timelineserver >Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.5.1, 2.6.1, 2.8.0, 2.7.1, 2.7.2 >Reporter: Greg Senia >Assignee: Greg Senia > Attachments: YARN-4006-branch-trunk.patch, YARN-4006-branch2.6.0.patch > > > When attempting to use The Hadoop Alternate Authentication Classes. They do > not exactly work with what was built with > https://issues.apache.org/jira/browse/YARN-1935. > I went ahead and made the following changes to support using a Custom > AltKerberos DelegationToken custom class. > Changes to: TimelineAuthenticationFilterInitializer.class > {code} >String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); > LOG.info("AuthType Configured: "+authType); > if (authType.equals(PseudoAuthenticationHandler.TYPE)) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > PseudoDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler"); > } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || > (UserGroupInformation.isSecurityEnabled() && > conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE))) > { > if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > authType); > LOG.info("AuthType: "+authType); > } else { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > KerberosDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler"); > } > // Resolve _HOST into bind address > String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); > String principal = > filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); > if (principal != null) { > try { > principal = SecurityUtil.getServerPrincipal(principal, bindAddress); > } catch (IOException ex) { > throw new RuntimeException( > "Could not resolve Kerberos principal name: " + ex.toString(), > ex); > } > filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, > principal); > } > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vinod Kumar Vavilapalli updated YARN-4006: -- Target Version/s: 2.8.0 > YARN ATS Alternate Kerberos HTTP Authentication Changes > --- > > Key: YARN-4006 > URL: https://issues.apache.org/jira/browse/YARN-4006 > Project: Hadoop YARN > Issue Type: Improvement > Components: security, timelineserver >Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.5.1, 2.6.1, 2.8.0, 2.7.1, 2.7.2 >Reporter: Greg Senia >Assignee: Greg Senia > Attachments: YARN-4006-branch-trunk.patch, YARN-4006-branch2.6.0.patch > > > When attempting to use The Hadoop Alternate Authentication Classes. They do > not exactly work with what was built with > https://issues.apache.org/jira/browse/YARN-1935. > I went ahead and made the following changes to support using a Custom > AltKerberos DelegationToken custom class. > Changes to: TimelineAuthenticationFilterInitializer.class > {code} >String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); > LOG.info("AuthType Configured: "+authType); > if (authType.equals(PseudoAuthenticationHandler.TYPE)) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > PseudoDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler"); > } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || > (UserGroupInformation.isSecurityEnabled() && > conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE))) > { > if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > authType); > LOG.info("AuthType: "+authType); > } else { > filterConfig.put(AuthenticationFilter.AUTH_TYPE, > KerberosDelegationTokenAuthenticationHandler.class.getName()); > LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler"); > } > // Resolve _HOST into bind address > String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); > String principal = > filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); > if (principal != null) { > try { > principal = SecurityUtil.getServerPrincipal(principal, bindAddress); > } catch (IOException ex) { > throw new RuntimeException( > "Could not resolve Kerberos principal name: " + ex.toString(), > ex); > } > filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, > principal); > } > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jian He updated YARN-4006: -- Description: When attempting to use The Hadoop Alternate Authentication Classes. They do not exactly work with what was built with https://issues.apache.org/jira/browse/YARN-1935. I went ahead and made the following changes to support using a Custom AltKerberos DelegationToken custom class. Changes to: TimelineAuthenticationFilterInitializer.class {code} String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); LOG.info(AuthType Configured: +authType); if (authType.equals(PseudoAuthenticationHandler.TYPE)) { filterConfig.put(AuthenticationFilter.AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName()); LOG.info(AuthType: PseudoDelegationTokenAuthenticationHandler); } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || (UserGroupInformation.isSecurityEnabled() conf.get(hadoop.security.authentication).equals(KerberosAuthenticationHandler.TYPE))) { if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { filterConfig.put(AuthenticationFilter.AUTH_TYPE, authType); LOG.info(AuthType: +authType); } else { filterConfig.put(AuthenticationFilter.AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName()); LOG.info(AuthType: KerberosDelegationTokenAuthenticationHandler); } // Resolve _HOST into bind address String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); String principal = filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); if (principal != null) { try { principal = SecurityUtil.getServerPrincipal(principal, bindAddress); } catch (IOException ex) { throw new RuntimeException( Could not resolve Kerberos principal name: + ex.toString(), ex); } filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, principal); } } {code} was: When attempting to use The Hadoop Alternate Authentication Classes. They do not exactly work with what was built with https://issues.apache.org/jira/browse/YARN-1935. I went ahead and made the following changes to support using a Custom AltKerberos DelegationToken custom class. Changes to: TimelineAuthenticationFilterInitializer.class String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); LOG.info(AuthType Configured: +authType); if (authType.equals(PseudoAuthenticationHandler.TYPE)) { filterConfig.put(AuthenticationFilter.AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName()); LOG.info(AuthType: PseudoDelegationTokenAuthenticationHandler); } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || (UserGroupInformation.isSecurityEnabled() conf.get(hadoop.security.authentication).equals(KerberosAuthenticationHandler.TYPE))) { if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { filterConfig.put(AuthenticationFilter.AUTH_TYPE, authType); LOG.info(AuthType: +authType); } else { filterConfig.put(AuthenticationFilter.AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName()); LOG.info(AuthType: KerberosDelegationTokenAuthenticationHandler); } // Resolve _HOST into bind address String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); String principal = filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); if (principal != null) { try { principal = SecurityUtil.getServerPrincipal(principal, bindAddress); } catch (IOException ex) { throw new RuntimeException( Could not resolve Kerberos principal name: + ex.toString(), ex); } filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, principal); } } YARN ATS Alternate Kerberos HTTP Authentication Changes --- Key: YARN-4006 URL: https://issues.apache.org/jira/browse/YARN-4006 Project: Hadoop YARN Issue Type: Improvement Components: security, timelineserver Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.5.1, 2.6.1, 2.8.0, 2.7.1, 2.7.2 Reporter: Greg Senia Assignee: Greg Senia Fix For: 2.8.0 Attachments: YARN-4006-branch-trunk.patch, YARN-4006-branch2.6.0.patch When attempting to use The Hadoop Alternate Authentication Classes. They do not exactly work with what was built with https://issues.apache.org/jira/browse/YARN-1935. I went ahead and made the following changes to support using a Custom AltKerberos DelegationToken custom class. Changes to:
[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Zhijie Shen updated YARN-4006: -- Assignee: Greg Senia YARN ATS Alternate Kerberos HTTP Authentication Changes --- Key: YARN-4006 URL: https://issues.apache.org/jira/browse/YARN-4006 Project: Hadoop YARN Issue Type: Improvement Components: security, timelineserver Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.5.1, 2.6.1, 2.8.0, 2.7.1, 2.7.2 Reporter: Greg Senia Assignee: Greg Senia Fix For: 2.8.0 Attachments: YARN-4006-branch-trunk.patch, YARN-4006-branch2.6.0.patch When attempting to use The Hadoop Alternate Authentication Classes. They do not exactly work with what was built with https://issues.apache.org/jira/browse/YARN-1935. I went ahead and made the following changes to support using a Custom AltKerberos DelegationToken custom class. Changes to: TimelineAuthenticationFilterInitializer.class String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); LOG.info(AuthType Configured: +authType); if (authType.equals(PseudoAuthenticationHandler.TYPE)) { filterConfig.put(AuthenticationFilter.AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName()); LOG.info(AuthType: PseudoDelegationTokenAuthenticationHandler); } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || (UserGroupInformation.isSecurityEnabled() conf.get(hadoop.security.authentication).equals(KerberosAuthenticationHandler.TYPE))) { if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { filterConfig.put(AuthenticationFilter.AUTH_TYPE, authType); LOG.info(AuthType: +authType); } else { filterConfig.put(AuthenticationFilter.AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName()); LOG.info(AuthType: KerberosDelegationTokenAuthenticationHandler); } // Resolve _HOST into bind address String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); String principal = filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); if (principal != null) { try { principal = SecurityUtil.getServerPrincipal(principal, bindAddress); } catch (IOException ex) { throw new RuntimeException( Could not resolve Kerberos principal name: + ex.toString(), ex); } filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, principal); } } -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Greg Senia updated YARN-4006: - Attachment: YARN-4006-branch2.6.0.patch YARN ATS Alternate Kerberos HTTP Authentication Changes --- Key: YARN-4006 URL: https://issues.apache.org/jira/browse/YARN-4006 Project: Hadoop YARN Issue Type: Improvement Components: security, timelineserver Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.8.0 Reporter: Greg Senia Attachments: YARN-4006-branch2.6.0.patch When attempting to use The Hadoop Alternate Authentication Classes. They do not exactly work with what was built with https://issues.apache.org/jira/browse/YARN-1935. I went ahead and made the following changes to support using a Custom AltKerberos DelegationToken custom class. Changes to: TimelineAuthenticationFilterInitializer.class String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); LOG.info(AuthType Configured: +authType); if (authType.equals(PseudoAuthenticationHandler.TYPE)) { filterConfig.put(AuthenticationFilter.AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName()); LOG.info(AuthType: PseudoDelegationTokenAuthenticationHandler); } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || (UserGroupInformation.isSecurityEnabled() conf.get(hadoop.security.authentication).equals(KerberosAuthenticationHandler.TYPE))) { if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { filterConfig.put(AuthenticationFilter.AUTH_TYPE, authType); LOG.info(AuthType: +authType); } else { filterConfig.put(AuthenticationFilter.AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName()); LOG.info(AuthType: KerberosDelegationTokenAuthenticationHandler); } // Resolve _HOST into bind address String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); String principal = filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); if (principal != null) { try { principal = SecurityUtil.getServerPrincipal(principal, bindAddress); } catch (IOException ex) { throw new RuntimeException( Could not resolve Kerberos principal name: + ex.toString(), ex); } filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, principal); } } -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes
[ https://issues.apache.org/jira/browse/YARN-4006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Greg Senia updated YARN-4006: - Attachment: YARN-4006-branch-trunk.patch Trunk Patch YARN ATS Alternate Kerberos HTTP Authentication Changes --- Key: YARN-4006 URL: https://issues.apache.org/jira/browse/YARN-4006 Project: Hadoop YARN Issue Type: Improvement Components: security, timelineserver Affects Versions: 2.5.0, 2.6.0, 2.7.0, 2.8.0 Reporter: Greg Senia Attachments: YARN-4006-branch-trunk.patch, YARN-4006-branch2.6.0.patch When attempting to use The Hadoop Alternate Authentication Classes. They do not exactly work with what was built with https://issues.apache.org/jira/browse/YARN-1935. I went ahead and made the following changes to support using a Custom AltKerberos DelegationToken custom class. Changes to: TimelineAuthenticationFilterInitializer.class String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); LOG.info(AuthType Configured: +authType); if (authType.equals(PseudoAuthenticationHandler.TYPE)) { filterConfig.put(AuthenticationFilter.AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName()); LOG.info(AuthType: PseudoDelegationTokenAuthenticationHandler); } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || (UserGroupInformation.isSecurityEnabled() conf.get(hadoop.security.authentication).equals(KerberosAuthenticationHandler.TYPE))) { if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { filterConfig.put(AuthenticationFilter.AUTH_TYPE, authType); LOG.info(AuthType: +authType); } else { filterConfig.put(AuthenticationFilter.AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName()); LOG.info(AuthType: KerberosDelegationTokenAuthenticationHandler); } // Resolve _HOST into bind address String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); String principal = filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL); if (principal != null) { try { principal = SecurityUtil.getServerPrincipal(principal, bindAddress); } catch (IOException ex) { throw new RuntimeException( Could not resolve Kerberos principal name: + ex.toString(), ex); } filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, principal); } } -- This message was sent by Atlassian JIRA (v6.3.4#6332)