Tarun Parimi created YARN-9334:
----------------------------------
Summary: YARN Service Client does not work with SPNEGO when knox
is configured
Key: YARN-9334
URL: https://issues.apache.org/jira/browse/YARN-9334
Project: Hadoop YARN
Issue Type: Bug
Components: yarn-native-services
Affects Versions: 3.2.0, 3.1.0
Reporter: Tarun Parimi
When knox is configured, the configuration hadoop.http.authentication.type is
set to
org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler
instead of kerberos.
We have the following check in ApiServiceClient#getApiClient for kerberos.
{code:java}
if (conf.get("hadoop.http.authentication.type").equals("kerberos")) {
try {
URI url = new URI(requestPath);
String challenge = YarnClientUtils.generateToken(url.getHost());
builder.header(HttpHeaders.AUTHORIZATION, "Negotiate " + challenge);
} catch (Exception e) {
throw new IOException(e);
}
}
{code}
So we always get 401 error since there is no auth handled for knox.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
