You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Sravya Tirukkovalur <sr...@cloudera.com> on 2016/04/29 23:51:54 UTC
Sentry web server - Spnego
Hi Dapeng,
I am trying to use Sentry webserver in kerberos mode according to
https://cwiki.apache.org/confluence/display/SENTRY/Sentry+Webserver+Kerberos+Authentication+and+Authorization+Configuration
Although I am able to write a java client as in test
TestSentryWebServerWithKerberos.java
<https://github.com/apache/incubator-sentry/blob/master/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java>,
I am not able to use curl as:
kinit -kt /path/..keytab principal_shortname
curl -i --negotiate -u : "http://host:port/conf"
I see an error like "Error 403 GSSException: No valid credentials
provided". Which makes me believe that the ticket is not being propagated
correctly or there is some silly problem in the way I am using curl. But I
tried accessing WebHDFS similarly and I am able to.
curl -i --negotiate -u : "http://host:port/webhdfs/v1/user?op=LISTSTATUS"
Have you tried the curl way with Sentry web server and were you successful?
Or has any one tried this yet?
Thanks!
--
Sravya Tirukkovalur
Re: Fwd: Sentry web server - Spnego
Posted by Gregory Chanan <gc...@cloudera.com>.
Have you tried enabling kerberos debugging on the server side?
On May 5, 2016 10:50 AM, "Sravya Tirukkovalur" <sr...@cloudera.com> wrote:
> Forwarding it to dev@s.a.o instead of dev@s.i.a.o
>
> ---------- Forwarded message ----------
> From: Sravya Tirukkovalur <sr...@cloudera.com>
> Date: Fri, Apr 29, 2016 at 2:51 PM
> Subject: Sentry web server - Spnego
> To: dev <de...@sentry.incubator.apache.org>
>
>
> Hi Dapeng,
>
> I am trying to use Sentry webserver in kerberos mode according to
>
> https://cwiki.apache.org/confluence/display/SENTRY/Sentry+Webserver+Kerberos+Authentication+and+Authorization+Configuration
>
> Although I am able to write a java client as in test
> TestSentryWebServerWithKerberos.java
> <
> https://github.com/apache/incubator-sentry/blob/master/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java
> >,
> I am not able to use curl as:
> kinit -kt /path/..keytab principal_shortname
> curl -i --negotiate -u : "http://host:port/conf"
>
> I see an error like "Error 403 GSSException: No valid credentials
> provided". Which makes me believe that the ticket is not being propagated
> correctly or there is some silly problem in the way I am using curl. But I
> tried accessing WebHDFS similarly and I am able to.
>
> curl -i --negotiate -u : "http://host:port/webhdfs/v1/user?op=LISTSTATUS"
> Have you tried the curl way with Sentry web server and were you successful?
> Or has any one tried this yet?
>
> Thanks!
> --
> Sravya Tirukkovalur
>
>
>
> --
> Sravya Tirukkovalur
>
Fwd: Sentry web server - Spnego
Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
Forwarding it to dev@s.a.o instead of dev@s.i.a.o
---------- Forwarded message ----------
From: Sravya Tirukkovalur <sr...@cloudera.com>
Date: Fri, Apr 29, 2016 at 2:51 PM
Subject: Sentry web server - Spnego
To: dev <de...@sentry.incubator.apache.org>
Hi Dapeng,
I am trying to use Sentry webserver in kerberos mode according to
https://cwiki.apache.org/confluence/display/SENTRY/Sentry+Webserver+Kerberos+Authentication+and+Authorization+Configuration
Although I am able to write a java client as in test
TestSentryWebServerWithKerberos.java
<https://github.com/apache/incubator-sentry/blob/master/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java>,
I am not able to use curl as:
kinit -kt /path/..keytab principal_shortname
curl -i --negotiate -u : "http://host:port/conf"
I see an error like "Error 403 GSSException: No valid credentials
provided". Which makes me believe that the ticket is not being propagated
correctly or there is some silly problem in the way I am using curl. But I
tried accessing WebHDFS similarly and I am able to.
curl -i --negotiate -u : "http://host:port/webhdfs/v1/user?op=LISTSTATUS"
Have you tried the curl way with Sentry web server and were you successful?
Or has any one tried this yet?
Thanks!
--
Sravya Tirukkovalur
--
Sravya Tirukkovalur