Posted to dev@zeppelin.apache.org by "Eric Charles (JIRA)" <ji...@apache.org> on 2015/07/31 17:37:05 UTC
[jira] [Created] (ZEPPELIN-193) Kerberos (SPNEGO) Support
Eric Charles created ZEPPELIN-193:
-------------------------------------
Summary: Kerberos (SPNEGO) Support
Key: ZEPPELIN-193
URL: https://issues.apache.org/jira/browse/ZEPPELIN-193
Project: Zeppelin
Issue Type: New Feature
Components: GUI
Affects Versions: 0.5.1
Reporter: Eric Charles
Fix For: 0.5.1
The goal is to restrict WEB access to users being previously authenticated by a Kerberos server (so having a valid Kerberos Ticket).
I will submit a PR which implements a filter (from hadoop-auth jar) in case a new configuration key zeppelin.security.authentication is set to kerberos.
I will also add session management to maintain the set of authenticated users. This is needed to ensure the websocket is also secured.
This is related to:
- ZEPPELIN-173 (Zeppelin websocket server is vulnerable to Cross-Site WebSocket Hijacking)
- ZEPPELIN-113 (Provide HTTP Keep Alive for Web and Web Sockets)
I will try to rely on ZEPPELIN-172 (Websocket connection without separate port) as it may be easier to secure a single webapp managed by jetty.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)