Hi,
Have observed in multiple places HttpServer2#setSecurityEnabled is set
using hadoop.security.authentication value instead of
hadoop.http.security.authentication.
This will make HttpServer2 to do initSpnego and initilaize
AuthenticationFilter with type
kerberos. I think we should use hadoop.http.authentication.type instead of
UserGroupInformation.isSecurityEnabled. Please correct me if I am wrong.
Thanks,
Prabhu Joseph
*org.apache.hadoop.hdfs.DFSUtil*
HttpServer2.Builder builder = new HttpServer2.Builder().setName(name)
.setConf(conf).setACL(new AccessControlList(conf.get(DFS_ADMIN, " ")))
.setSecurityEnabled(UserGroupInformation.isSecurityEnabled())
.setUsernameConfKey(spnegoUserNameKey)
.setKeytabConfKey(getSpnegoKeytabKey(conf, spnegoKeytabFileKey));
*org.apache.hadoop.yarn.webapp.WebApps*
if (hasSpnegoConf) {
builder.setUsernameConfKey(spnegoPrincipalKey)
.setKeytabConfKey(spnegoKeytabKey)
.setSecurityEnabled(UserGroupInformation.isSecurityEnabled());
}
