You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-dev@hadoop.apache.org by "Suresh Srinivas (JIRA)" <ji...@apache.org> on 2013/08/29 23:47:51 UTC

[jira] [Resolved] (HDFS-5108) hadoop 1.2.1 spengo HTTP web console access issue

     [ https://issues.apache.org/jira/browse/HDFS-5108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Suresh Srinivas resolved HDFS-5108.
-----------------------------------

    Resolution: Not A Problem
    
> hadoop 1.2.1 spengo HTTP web console access issue
> -------------------------------------------------
>
>                 Key: HDFS-5108
>                 URL: https://issues.apache.org/jira/browse/HDFS-5108
>             Project: Hadoop HDFS
>          Issue Type: Test
>         Environment: CentOS 6.4 32 bit, jdk1.6_u45, 
> installed: kerberos5-1.10 server, client
>            Reporter: narayana b
>
> Hi Good Morning,
> 1) i created kerberos DB, realm and able to test properly
>    
>    added valid principals, key tab files generated using kadmin, signature created using udev/random
>    I replaced latest jce libs from oracle to support sha1-96...
>    $ kinit
>    $ klist
> 2) i followed this link and configured appropriate
>      http://hadoop.apache.org/docs/stable/HttpAuthentication.html
> core-site.xml
> <!-- HTTP web-consoles Authentication -->
>   <property>
>     <name>hadoop.http.filter.initializers</name>
>     <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.type</name>
>     <value>kerberos</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.token.validity</name>
>     <value>36000</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.signature.secret.file</name>
>     <value>/opt/software/hadoop-1.2.1/conf/security/http-secret-file</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.cookie.domain</name>
>     <value></value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.simple.anonymous.allowed</name>
>     <value>false</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.kerberos.principal</name>
>     <value>HTTP/localhost@NARAYANA.LOCAL</value>
>   </property>
>   <property>
>     <name>hadoop.http.authentication.kerberos.keytab</name>
>     <value>/opt/software/hadoop-1.2.1/conf/security/mergedKT.keytab</value>
>   </property>
> </configuration>
> 3)I have tested kerberos spengo http to namenode, jobnode on 
>    single cluster environment but failed to access web consoles
>    On browser: about:config then added negotiate-uri to localhost
>    On browser : http://localhost:50070 
>    Result: on browser....  index.html 401 error
> 4) curl -v -u hadoopA --negotiate http://localhost:50070 - works well

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira