You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@slider.apache.org by "Jonathan Maron (JIRA)" <ji...@apache.org> on 2015/01/16 21:16:40 UTC

[jira] [Commented] (SLIDER-693) Need to enable support for spnego/kerberos for AM Rest resources

    [ https://issues.apache.org/jira/browse/SLIDER-693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14280775#comment-14280775 ] 

Jonathan Maron commented on SLIDER-693:
---------------------------------------

May go with following approach:

1)  Handler SPNEGO processing at RM
2)  Establish trust with shared secret between RM and AM

In that way the RM takes care of the secure processing, and the AM focuses on leveraging the passed in doAs identity for its processing (doAs identity manifests as cookie at the AM)

> Need to enable support for spnego/kerberos for AM Rest resources
> ----------------------------------------------------------------
>
>                 Key: SLIDER-693
>                 URL: https://issues.apache.org/jira/browse/SLIDER-693
>             Project: Slider
>          Issue Type: Sub-task
>          Components: appmaster, security
>            Reporter: Jonathan Maron
>            Assignee: Jonathan Maron
>             Fix For: Slider 0.70
>
>
> Need to add the spnego support API calls to the AM WebApp to enable the kerberos configuration for the AM exposed REST endpoint (Not agent facing server).  This is required to support trust proxy configuration for knox integration.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)