You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Yuanbo Liu (JIRA)" <ji...@apache.org> on 2016/10/11 10:06:21 UTC
[jira] [Created] (HADOOP-13707) If kerberos is enabled while HTTP
SPNEGO is not configured, some links cannot be accessed
Yuanbo Liu created HADOOP-13707:
-----------------------------------
Summary: If kerberos is enabled while HTTP SPNEGO is not configured, some links cannot be accessed
Key: HADOOP-13707
URL: https://issues.apache.org/jira/browse/HADOOP-13707
Project: Hadoop Common
Issue Type: Bug
Reporter: Yuanbo Liu
In {{HttpServer2#hasAdministratorAccess}}, it uses `hadoop.security.authorization` to detect whether HTTP is authenticated.
It's not correct, because enabling Kerberos and HTTP SPNEGO are two steps. If Kerberos is enabled while HTTP SPNEGO is not, some links cannot be accessed, such as "/logs", and it will return error message as below:
{quote}
HTTP ERROR 403
Problem accessing /logs/. Reason:
User dr.who is unauthorized to access this page.
{quote]
We should use {{adoop.http.authentication.type}} instead of {{hadoop.security.authorization}} to detect whether HTTP authentication is enabled, if the value of {{adoop.http.authentication.type}} equals `simple`, anybody has administrator access.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org