Hi Manoj - This is often done by going through a gateway or intermediary that is configured as a trusted proxy to the cluster. That is, the intermediary can authenticate to the target services as itself with kerberos and dispatch the REST request with a doas parameter that indicates the identity of the user to issue the request on behalf of.
This is precisely what Apache Knox does for such deployments. You may want to take a look there. http://knox.apache.org Currently, out of the box, Knox has an authentication provider to authentication HTTP Basic credentials against an LDAP server. There is an ApacheDS LDAP server as part of the Knox distribution as well - for quickly testing your deployment. Feel free to engage the Knox user/dev lists. HTH, --larry On Thu, May 15, 2014 at 4:44 AM, Manoj Babu <[email protected]> wrote: > Hi Alejandro, > > Thanks for your response. Right now i am following this approach from > edge-node where kerberos is configured. I am not able to understand the hit > provided can you provide a sample to trigger request from other external > machine to authenticate where kerberos not configured in client where > request is to be triggered? > > $ kinit > > After entering pwd > > $ curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt > http://localhost:14000/webhdfs/v1/?op=liststatus > > Cheers! > Manoj. > > > On Fri, May 9, 2014 at 12:13 PM, Alejandro Abdelnur <[email protected]>wrote: > >> Manoj, >> >> Please look at >> http://hadoop.apache.org/docs/r2.4.0/hadoop-hdfs-httpfs/httpfs-default.htmllook >> at the 'httpfs.authentication.*' properties. >> >> Thanks. >> >> >> On Sun, May 4, 2014 at 5:27 AM, Manoj Babu <[email protected]> wrote: >> >>> Hi, >>> >>> How to accesss files in hdfs using HttpFS that is protected by kerberos? >>> Kerberos authentication works only where is is configured ex: edge node. >>> If i am triggering request from other system then how do i authenticate? >>> >>> Kindly advise. >>> >>> Cheers! >>> Manoj. >>> >> >> >> >> -- >> Alejandro >> > > -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
