You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-dev@hadoop.apache.org by "Tarun Parimi (JIRA)" <ji...@apache.org> on 2019/02/27 05:07:00 UTC

[jira] [Created] (YARN-9334) YARN Service Client does not work with SPNEGO when knox is configured

Tarun Parimi created YARN-9334:
----------------------------------

             Summary: YARN Service Client does not work with SPNEGO when knox is configured
                 Key: YARN-9334
                 URL: https://issues.apache.org/jira/browse/YARN-9334
             Project: Hadoop YARN
          Issue Type: Bug
          Components: yarn-native-services
    Affects Versions: 3.2.0, 3.1.0
            Reporter: Tarun Parimi


When knox is configured, the configuration hadoop.http.authentication.type is set to org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler instead of kerberos.

We have the following check in ApiServiceClient#getApiClient for kerberos.
{code:java}
if (conf.get("hadoop.http.authentication.type").equals("kerberos")) {
      try {
        URI url = new URI(requestPath);
        String challenge = YarnClientUtils.generateToken(url.getHost());
        builder.header(HttpHeaders.AUTHORIZATION, "Negotiate " + challenge);
      } catch (Exception e) {
        throw new IOException(e);
      }
    }
{code}

So we always get 401 error since there is no auth handled for knox.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-dev-help@hadoop.apache.org