You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Shi Wang (JIRA)" <ji...@apache.org> on 2017/03/30 00:36:41 UTC
[jira] [Commented] (KNOX-916) When REST endpoint enables SPNEGO and
there is valid kerberos ticket cache for knox user, REST call through knox
will show 401 error
[ https://issues.apache.org/jira/browse/KNOX-916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15948157#comment-15948157 ]
Shi Wang commented on KNOX-916:
-------------------------------
From first look seems in krb5JAASLogin.conf that knox is using, should change useTicketCache=true to useTicketCache=false. So knox always uses this JAAS file for kerberos authentication.
> When REST endpoint enables SPNEGO and there is valid kerberos ticket cache for knox user, REST call through knox will show 401 error
> ------------------------------------------------------------------------------------------------------------------------------------
>
> Key: KNOX-916
> URL: https://issues.apache.org/jira/browse/KNOX-916
> Project: Apache Knox
> Issue Type: Bug
> Affects Versions: 0.11.0
> Reporter: Shi Wang
> Assignee: Shi Wang
>
> For example, if webhdfs uses SPNEGO authentication, and curl through knox, su knoxuser and klist, if there is valid kerberos ticket cached for knoxuser, then it will show 401 unauthorized error. But if the cached ticket expired or do not have any cached ticket, could get 200 correct result.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)