You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Moritz Moeller (JIRA)" <ji...@apache.org> on 2012/09/16 15:22:07 UTC
[jira] [Created] (HADOOP-8816) HTTP Error 413 full HEAD if using
kerberos authentication
Moritz Moeller created HADOOP-8816:
--------------------------------------
Summary: HTTP Error 413 full HEAD if using kerberos authentication
Key: HADOOP-8816
URL: https://issues.apache.org/jira/browse/HADOOP-8816
Project: Hadoop Common
Issue Type: Bug
Components: net
Affects Versions: 2.0.1-alpha
Environment: ubuntu linux with active directory kerberos.
Reporter: Moritz Moeller
The HTTP Authentication: header is too large if using kerberos and the request is rejected by Jetty because Jetty has a too low default header size limit.
Can be fixed by adding ret.setHeaderBufferSize(1024*128); in org.apache.hadoop.http.HttpServer.createDefaultChannelConnector
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8816) HTTP Error 413 full HEAD if using
kerberos authentication
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8816?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13457119#comment-13457119 ]
Alejandro Abdelnur commented on HADOOP-8816:
--------------------------------------------
128K as header buffer size seems a bit too big.
Could this be related to this? http://www.novell.com/communities/node/11516/kerberos-authentication-may-fail-access-manager-identity-server-users-large-group-members
Would be possible to get the actual header size that is making things to fail?
> HTTP Error 413 full HEAD if using kerberos authentication
> ---------------------------------------------------------
>
> Key: HADOOP-8816
> URL: https://issues.apache.org/jira/browse/HADOOP-8816
> Project: Hadoop Common
> Issue Type: Bug
> Components: net
> Affects Versions: 2.0.1-alpha
> Environment: ubuntu linux with active directory kerberos.
> Reporter: Moritz Moeller
>
> The HTTP Authentication: header is too large if using kerberos and the request is rejected by Jetty because Jetty has a too low default header size limit.
> Can be fixed by adding ret.setHeaderBufferSize(1024*128); in org.apache.hadoop.http.HttpServer.createDefaultChannelConnector
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8816) HTTP Error 413 full HEAD if using
kerberos authentication
Posted by "Moritz Moeller (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Moritz Moeller updated HADOOP-8816:
-----------------------------------
Attachment: hadoop-common-kerberos-increase-http-header-buffer-size.patch
attached is a patch that changes the header buffer size to 64kb.
32kb is the highest suggested value that I found in the following pages that deal with the same problem:
https://issues.alfresco.com/jira/browse/ALF-13810
https://issues.apache.org/bugzilla/show_bug.cgi?id=42003
I know no disadvantages of a higher header buffer size limit.
> HTTP Error 413 full HEAD if using kerberos authentication
> ---------------------------------------------------------
>
> Key: HADOOP-8816
> URL: https://issues.apache.org/jira/browse/HADOOP-8816
> Project: Hadoop Common
> Issue Type: Bug
> Components: net
> Affects Versions: 2.0.1-alpha
> Environment: ubuntu linux with active directory kerberos.
> Reporter: Moritz Moeller
> Attachments: hadoop-common-kerberos-increase-http-header-buffer-size.patch
>
>
> The HTTP Authentication: header is too large if using kerberos and the request is rejected by Jetty because Jetty has a too low default header size limit.
> Can be fixed by adding ret.setHeaderBufferSize(1024*128); in org.apache.hadoop.http.HttpServer.createDefaultChannelConnector
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8816) HTTP Error 413 full HEAD if using
kerberos authentication
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8816?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13457121#comment-13457121 ]
Alejandro Abdelnur commented on HADOOP-8816:
--------------------------------------------
Also, if we tweak the header buffer size, we should doing it in a configurable way.
> HTTP Error 413 full HEAD if using kerberos authentication
> ---------------------------------------------------------
>
> Key: HADOOP-8816
> URL: https://issues.apache.org/jira/browse/HADOOP-8816
> Project: Hadoop Common
> Issue Type: Bug
> Components: net
> Affects Versions: 2.0.1-alpha
> Environment: ubuntu linux with active directory kerberos.
> Reporter: Moritz Moeller
>
> The HTTP Authentication: header is too large if using kerberos and the request is rejected by Jetty because Jetty has a too low default header size limit.
> Can be fixed by adding ret.setHeaderBufferSize(1024*128); in org.apache.hadoop.http.HttpServer.createDefaultChannelConnector
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8816) HTTP Error 413 full HEAD if using
kerberos authentication
Posted by "Moritz Moeller (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8816?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13457129#comment-13457129 ]
Moritz Moeller commented on HADOOP-8816:
----------------------------------------
No, Kerberos tokens do not contain group membership information, but tend to get pretty large, 4-8k base64 encoded.
I guess 16kb header size would be enough.
Making that configurable is your choice, I personally wouldn't as I know no things that cause header sizes larger than Kerberos, but then if it was configurable already this ticket wouldn't exist.
> HTTP Error 413 full HEAD if using kerberos authentication
> ---------------------------------------------------------
>
> Key: HADOOP-8816
> URL: https://issues.apache.org/jira/browse/HADOOP-8816
> Project: Hadoop Common
> Issue Type: Bug
> Components: net
> Affects Versions: 2.0.1-alpha
> Environment: ubuntu linux with active directory kerberos.
> Reporter: Moritz Moeller
>
> The HTTP Authentication: header is too large if using kerberos and the request is rejected by Jetty because Jetty has a too low default header size limit.
> Can be fixed by adding ret.setHeaderBufferSize(1024*128); in org.apache.hadoop.http.HttpServer.createDefaultChannelConnector
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira