Details
-
Test
-
Status: Resolved
-
Major
-
Resolution: Not A Problem
-
None
-
None
-
None
-
None
-
CentOS 6.4 32 bit, jdk1.6_u45,
installed: kerberos5-1.10 server, client
Description
Hi Good Morning,
1) i created kerberos DB, realm and able to test properly
added valid principals, key tab files generated using kadmin, signature created using udev/random
I replaced latest jce libs from oracle to support sha1-96...
$ kinit
$ klist
2) i followed this link and configured appropriate
http://hadoop.apache.org/docs/stable/HttpAuthentication.html
core-site.xml
<!-- HTTP web-consoles Authentication -->
<property>
<name>hadoop.http.filter.initializers</name>
<value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
</property>
<property>
<name>hadoop.http.authentication.type</name>
<value>kerberos</value>
</property>
<property>
<name>hadoop.http.authentication.token.validity</name>
<value>36000</value>
</property>
<property>
<name>hadoop.http.authentication.signature.secret.file</name>
<value>/opt/software/hadoop-1.2.1/conf/security/http-secret-file</value>
</property>
<property>
<name>hadoop.http.authentication.cookie.domain</name>
<value></value>
</property>
<property>
<name>hadoop.http.authentication.simple.anonymous.allowed</name>
<value>false</value>
</property>
<property>
<name>hadoop.http.authentication.kerberos.principal</name>
<value>HTTP/localhost@NARAYANA.LOCAL</value>
</property>
<property>
<name>hadoop.http.authentication.kerberos.keytab</name>
<value>/opt/software/hadoop-1.2.1/conf/security/mergedKT.keytab</value>
</property>
</configuration>
3)I have tested kerberos spengo http to namenode, jobnode on
single cluster environment but failed to access web consoles
On browser: about:config then added negotiate-uri to localhost
On browser : http://localhost:50070
Result: on browser.... index.html 401 error
4) curl -v -u hadoopA --negotiate http://localhost:50070 - works well