You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2018/02/06 14:53:00 UTC
[jira] [Resolved] (KNOX-1171) Handle invalid hadoop.auth cookie
returned by Oozie
[ https://issues.apache.org/jira/browse/KNOX-1171?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Minder resolved KNOX-1171.
--------------------------------
Resolution: Fixed
> Handle invalid hadoop.auth cookie returned by Oozie
> ---------------------------------------------------
>
> Key: KNOX-1171
> URL: https://issues.apache.org/jira/browse/KNOX-1171
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.14.0
> Reporter: Kevin Minder
> Assignee: Kevin Minder
> Priority: Major
> Fix For: 1.1.0
>
> Attachments: KNOX-1171.patch
>
>
> There are issues with Oozie/HadoopAuth that prevent the proxying of the Oozie UI in secure clusters.
> The HadoopAuth issue below is preventing HttpClient from handling hadoop.auth token resulting in every interaction with Oozie requiring a SPNego authentication in a secure cluster. https://issues.apache.org/jira/browse/HADOOP-10710
> The Oozie issue below prevents certain Oozie resources from be accessible when SPNego authentication occurs. This is caused by these resources being authenticated twice which results in a Kerberos replay attack detection/failure. https://issues.apache.org/jira/browse/OOZIE-2427
> The combination of these two issues prevents the Oozie UI from being proxied in a secure cluster.
> The proposed solution is to enhance HadoopAuthCookieStore to handle cases where the cooke value isn't RFC2109 compliant by wrapping the value in double quotes if they are missing.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)