Posted to dev@knox.apache.org by "Dilli Arumugam (JIRA)" <ji...@apache.org> on 2013/07/04 02:43:19 UTC

[jira] [Updated] (KNOX-25) Access Kerberos secured Hadoop cluster via gateway using SPNEGO

     [ https://issues.apache.org/jira/browse/KNOX-25?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dilli Arumugam updated KNOX-25:
-------------------------------


Clarifying the requirement here:

Knox should be able to authenticate the end user at the browser with SPNEGO and assert the identity of the end user to the backend Hadoop services.

If the backend Hadoop services are running with simple security, Knox would propagate the end user identity as the user.name query param.

If the backend Hadoop services are running with Kerberos security, Knox would authenticate itself with the backend services using SPNEGO and propagate the end user identity as the "doAs" query parameter.


                
> Access Kerberos secured Hadoop cluster via gateway using SPNEGO
> ---------------------------------------------------------------
>
>                 Key: KNOX-25
>                 URL: https://issues.apache.org/jira/browse/KNOX-25
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: Server
>            Reporter: Kevin Minder
>            Assignee: Dilli Arumugam
>
> From BUG-4304
> The basic interactions flow might look like this.
> 1. Client authenticates with KDC
> 2. Client requests HDFS resource via gateway
> 3. Gateway forwards original request to service
> 4. Service challenges with SPNEGO
> 5. Gateway returns challenge to client.
> 6. Client resends request with tokens
> 7. Gateway dispatches request and tokens to service.
> 8. Service provides response including hadoop.auth cookie. This prevents subsequent KDC and SPNEGO interactions.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
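
Added example, not part of the original message and not Knox code: a sketch of the identity propagation rule described in the comment above, choosing user.name or doAs by backend security mode. The function name, mode strings and sample URLs are hypothetical, and dropping identity parameters supplied by the client before the gateway adds its own is an assumption of this example.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names come from the comment above; compared in lower case.
IDENTITY_PARAMS = {"user.name", "doas"}


def propagate_identity(backend_url, end_user, backend_security):
    """Return backend_url with the authenticated end user asserted.

    backend_security (hypothetical mode strings):
      "simple"   -> identity sent as user.name
      "kerberos" -> identity sent as doAs; the gateway authenticates
                    itself to the service with SPNEGO separately
    """
    if not end_user:
        raise ValueError("no authenticated end user to assert")
    if backend_security == "simple":
        param = "user.name"
    elif backend_security == "kerberos":
        param = "doAs"
    else:
        raise ValueError("unknown backend security mode: %r" % backend_security)

    parts = urlsplit(backend_url)
    # Assumption of this example: identity parameters already present in the
    # client's query string are dropped (case-insensitively), so the only
    # identity the service sees is the one the gateway authenticated.
    kept = [(k, v)
            for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() not in IDENTITY_PARAMS]
    kept.append((param, end_user))
    return urlunsplit(parts._replace(query=urlencode(kept)))


if __name__ == "__main__":
    # Constructed sample requests; host and paths are placeholders.
    samples = [
        ("http://namenode.example:50070/webhdfs/v1/tmp"
         "?op=LISTSTATUS&user.name=hdfs", "simple"),
        ("http://namenode.example:50070/webhdfs/v1/tmp/f"
         "?op=OPEN&DOAS=hdfs&offset=0", "kerberos"),
    ]
    for url, mode in samples:
        print(mode, "->", propagate_identity(url, "alice", mode))
```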