Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2015/04/28 18:11:07 UTC

[jira] [Commented] (KNOX-25) Knox should support authentication using SPNEGO from browser

    [ https://issues.apache.org/jira/browse/KNOX-25?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14517304#comment-14517304 ] 

Kevin Minder commented on KNOX-25:
----------------------------------

This feature cannot be considered complete due to issues encountered with clients such as DistCp which are not capable of SPNEGO authentication when interacting with the DataNode.  DistCp expects the BlockAccessToken to be sufficient for access.  The same is true for requests that contain delegation tokens.  Clients typically do not expect a SPNEGO challenge when they provide delegation tokens.

> Knox should support authentication using SPNEGO from browser
> ------------------------------------------------------------
>
>                 Key: KNOX-25
>                 URL: https://issues.apache.org/jira/browse/KNOX-25
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: Server
>    Affects Versions: 0.2.0
>            Reporter: Kevin Minder
>            Assignee: Dilli Arumugam
>             Fix For: 0.7.0
>
>         Attachments: KNOX-25.patch, KNOX-25.patch.1
>
>
> The basic interaction flow might look like this.
> 1. Client authenticates with KDC
> 2. Client requests HDFS resource via gateway
> 3. Knox authenticates client via SPNEGO
> 4. Knox authentication Service via SPNEGO
> 5. Gateway dispatches request and tokens to service.
> 6. Service provides response including hadoop.auth cookie. This prevents subsequent KDC and SPNEGO interactions.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)