You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@accumulo.apache.org by "Josh Elser (JIRA)" <ji...@apache.org> on 2015/02/13 21:24:11 UTC
[jira] [Commented] (ACCUMULO-3490) Enable SPNEGO authentication for
monitor
[ https://issues.apache.org/jira/browse/ACCUMULO-3490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14320694#comment-14320694 ]
Josh Elser commented on ACCUMULO-3490:
--------------------------------------
Looks like hadoop-auth contains an AuthenticationFilter class which can be configured with Jetty:
https://github.com/apache/hadoop/blob/f71eb51ab8109c14e8e921751dd5de603bdf2bde/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
Its usage in HBase:
https://github.com/apache/hbase/blob/master/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java#L927
> Enable SPNEGO authentication for monitor
> ----------------------------------------
>
> Key: ACCUMULO-3490
> URL: https://issues.apache.org/jira/browse/ACCUMULO-3490
> Project: Accumulo
> Issue Type: Improvement
> Components: monitor
> Reporter: Josh Elser
> Assignee: Josh Elser
> Fix For: 1.7.0
>
>
> In non-technical terms, if we configure the monitor to support SPNEGO, we can get KRB authentication of clients trying to connect to the Accumulo monitor. This is a typical deployment decision made with Hadoop to protect things like the NN overview page and the RM page.
> Including some authentication for the monitor has some general benefit. It would also be a neat integration with the shell servlet -- automatically log you in and start using the shell in your web-browser.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)