You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@accumulo.apache.org by "Josh Elser (JIRA)" <ji...@apache.org> on 2015/02/13 21:24:11 UTC

[jira] [Commented] (ACCUMULO-3490) Enable SPNEGO authentication for monitor

    [ https://issues.apache.org/jira/browse/ACCUMULO-3490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14320694#comment-14320694 ] 

Josh Elser commented on ACCUMULO-3490:
--------------------------------------

Looks like hadoop-auth contains an AuthenticationFilter class which can be configured with Jetty:

https://github.com/apache/hadoop/blob/f71eb51ab8109c14e8e921751dd5de603bdf2bde/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java

Its usage in HBase:

https://github.com/apache/hbase/blob/master/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java#L927

> Enable SPNEGO authentication for monitor
> ----------------------------------------
>
>                 Key: ACCUMULO-3490
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3490
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: monitor
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 1.7.0
>
>
> In non-technical terms, if we configure the monitor to support SPNEGO, we can get KRB authentication of clients trying to connect to the Accumulo monitor. This is a typical deployment decision made with Hadoop to protect things like the NN overview page and the RM page.
> Including some authentication for the monitor has some general benefit. It would also be a neat integration with the shell servlet -- automatically log you in and start using the shell in your web-browser.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)