You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Jeffrey E Rodriguez (JIRA)" <ji...@apache.org> on 2016/05/08 18:16:12 UTC
[jira] [Created] (HADOOP-13119) Web UI authorization error
accessing /logs/ when Kerberos
Jeffrey E Rodriguez created HADOOP-13119:
---------------------------------------------
Summary: Web UI authorization error accessing /logs/ when Kerberos
Key: HADOOP-13119
URL: https://issues.apache.org/jira/browse/HADOOP-13119
Project: Hadoop Common
Issue Type: Bug
Affects Versions: 2.8.0, 2.7.4
Reporter: Jeffrey E Rodriguez
User Hadoop on secure mode.
login as kdc user, kinit.
start firefox and enable Kerberos
access http://localhost:50070/logs/
Get 403 authorization errors.
only hdfs user could access logs.
Would expect as a user to be able to web interface logs link.
Same results if using curl:
curl -v --negotiate -u tester: http://localhost:50070/logs/
HTTP/1.1 403 User tester is unauthorized to access this page.
so:
1. either don't show links if hdfs user is able to access.
2. provide mechanism to add users to web application realm.
3. note that we are pass authentication so the issue is authorization to /logs/
suspect that /logs/ path is secure in webdescriptor so suspect users by default don't have access to secure paths.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org