Hi Folks,
I am getting a 403 accessing Kerberized cluster (Hadoop Kerberized).
kinit ..... valid Kerberos user...
curl -L --negotiate -u : http://locathost:50070/logs/
..
> GET /logs/ HTTP/1.1
> Authorization: Negotiate
YIICVwYJKoZIhvcSAQICAQBuggJGMIICQqADAgEFoQMCAQ6iBwMFAAAAAACjggFjYYIBXzCCAVugAwIBBaEJGwdJQk0uQ09NoicwJaADAgEDoR4wHBsESFRUUBsUYmRhdm00ODQuc3ZsLmlibS5jb22jggEeMIIBGqADAgERoQMCAQaiggEMBIIBCGTmcjb1WNFRYaTCzAxgCC9ZMaKdHHyt+7qHV/Q4mRFyuhhouo0hFccjNH7TTC1eUXTf31+zo5Zfg3dNPV/NJ1WH53YdMYWHuHDAkWvd7amBPQB/j5q2pOqn+3X8DEW8hcPYo1vRrzLWht8BKmorxCNuRIDETw0Qn7Q9cETLPgPHbEqTCjeEKNqux/26CaJ8/Ixu6qBbj1DtsJzJZJCKbIVoYbj6hGajv4ACIXTXeIIUa9dqDXeI9R97OZXSVlq/M3foyltPQfjRL3DEWiDdavpmr/3LJbJ6rr3UYeZKona8Wz4SlGWKJwkqSTdBTdpHatVZVRXkTfkeuAi03HNVvZwsJ1v1hPpCaqSBxTCBwqADAgERooG6BIG3jNhBU4niOi+a32hsF5qCAVDne7815PrvvGhweF14u+1nJ2Nk+54eQWUNNIF87AomF0vEoUFjzKtKJ6pAcTer9L9ab782acAhEH0H+O3kW88qc45LGhRtquimF2Xrguq1RrjPIlS1sAoTLtj/b0ctvcFQBH1Vuuryyn5AKyWBvW0IFVzBcJQcLlVjlFoaeA9RpF39BktO3RutCONA4/B/RzbeucEvIhyODss7XBs83o49KemsQT7x
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/
3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: localhost:50070
> Accept: */*
>
< HTTP/1.1 403 User ambari-qa is unauthorized to access this page.
< Content-Type: text/html; charset=iso-8859-1
< Set-Cookie:
hadoop.auth="u=ambari-qa&p=ambari-qa-tes...@ibm.com&t=kerberos&e=1461979860144&s=oXW3iQyX0/SAWxup9pngeyNSGO4=";
Path=/; Domain=svl.ibm.com; Expires=Sat, 30-Apr-2016 01:31:00 GMT; HttpOnly
id ambari-qa
id ambari-qa
uid=1006(ambari-qa) gid=502(hadoop) groups=502(hadoop),100(users)
All super user/proxy set to *
Any reason why /logs/ are not accessible? Can that be set in configuration?
BTW is I run the request as hdfs user it succeeds so hdfs service user has
authorization.
This is confusing some users since they expect access for hadoop UI /logs/
