Hi Folks, I am getting a 403 accessing Kerberized cluster (Hadoop Kerberized).
kinit ..... valid Kerberos user... curl -L --negotiate -u : http://locathost:50070/logs/ .. > GET /logs/ HTTP/1.1 > Authorization: Negotiate YIICVwYJKoZIhvcSAQICAQBuggJGMIICQqADAgEFoQMCAQ6iBwMFAAAAAACjggFjYYIBXzCCAVugAwIBBaEJGwdJQk0uQ09NoicwJaADAgEDoR4wHBsESFRUUBsUYmRhdm00ODQuc3ZsLmlibS5jb22jggEeMIIBGqADAgERoQMCAQaiggEMBIIBCGTmcjb1WNFRYaTCzAxgCC9ZMaKdHHyt+7qHV/Q4mRFyuhhouo0hFccjNH7TTC1eUXTf31+zo5Zfg3dNPV/NJ1WH53YdMYWHuHDAkWvd7amBPQB/j5q2pOqn+3X8DEW8hcPYo1vRrzLWht8BKmorxCNuRIDETw0Qn7Q9cETLPgPHbEqTCjeEKNqux/26CaJ8/Ixu6qBbj1DtsJzJZJCKbIVoYbj6hGajv4ACIXTXeIIUa9dqDXeI9R97OZXSVlq/M3foyltPQfjRL3DEWiDdavpmr/3LJbJ6rr3UYeZKona8Wz4SlGWKJwkqSTdBTdpHatVZVRXkTfkeuAi03HNVvZwsJ1v1hPpCaqSBxTCBwqADAgERooG6BIG3jNhBU4niOi+a32hsF5qCAVDne7815PrvvGhweF14u+1nJ2Nk+54eQWUNNIF87AomF0vEoUFjzKtKJ6pAcTer9L9ab782acAhEH0H+O3kW88qc45LGhRtquimF2Xrguq1RrjPIlS1sAoTLtj/b0ctvcFQBH1Vuuryyn5AKyWBvW0IFVzBcJQcLlVjlFoaeA9RpF39BktO3RutCONA4/B/RzbeucEvIhyODss7XBs83o49KemsQT7x > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/ 3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: localhost:50070 > Accept: */* > < HTTP/1.1 403 User ambari-qa is unauthorized to access this page. < Content-Type: text/html; charset=iso-8859-1 < Set-Cookie: hadoop.auth="u=ambari-qa&p=ambari-qa-tes...@ibm.com&t=kerberos&e=1461979860144&s=oXW3iQyX0/SAWxup9pngeyNSGO4="; Path=/; Domain=svl.ibm.com; Expires=Sat, 30-Apr-2016 01:31:00 GMT; HttpOnly id ambari-qa id ambari-qa uid=1006(ambari-qa) gid=502(hadoop) groups=502(hadoop),100(users) All super user/proxy set to * Any reason why /logs/ are not accessible? Can that be set in configuration? BTW is I run the request as hdfs user it succeeds so hdfs service user has authorization. This is confusing some users since they expect access for hadoop UI /logs/