Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13119

Add ability to secure log servlet using proxy users

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.8.0, 2.7.4
    • 2.9.0, 2.7.4, 3.0.0-alpha4, 2.8.2
    • None
    • Incompatible change

    Description

      User Hadoop on secure mode.
      login as kdc user, kinit.
      start firefox and enable Kerberos
      access http://localhost:50070/logs/
      Get 403 authorization errors.
      only hdfs user could access logs.
      Would expect as a user to be able to web interface logs link.
      Same results if using curl:
      curl -v --negotiate -u tester: http://localhost:50070/logs/
      HTTP/1.1 403 User tester is unauthorized to access this page.
      so:
      1. either don't show links if hdfs user is able to access.
      2. provide mechanism to add users to web application realm.
      3. note that we are pass authentication so the issue is authorization to /logs/

      suspect that /logs/ path is secure in webdescriptor so suspect users by default don't have access to secure paths.

      Attachments

        1. screenshot-1.png
          43 kB
          Yuanbo Liu
        2. HADOOP-13119.005.patch
          21 kB
          Yuanbo Liu
        3. HADOOP-13119.005.patch
          21 kB
          Yuanbo Liu
        4. HADOOP-13119.004.patch
          20 kB
          Yuanbo Liu
        5. HADOOP-13119.003.patch
          19 kB
          Yuanbo Liu
        6. HADOOP-13119.002.patch
          22 kB
          Yuanbo Liu
        7. HADOOP-13119.001.patch
          24 kB
          Yuanbo Liu

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            yuanbo Yuanbo Liu
            jeffreyr97 Jeffrey E Rodriguez
            Votes:
            0 Vote for this issue
            Watchers:
            22 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment