Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 3.1.0, 3.2.0
- None
Description
When Knox is configured, the configuration hadoop.http.authentication.type is set to org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler instead of kerberos.
We have the following check in ApiServiceClient#getApiClient for Kerberos.
    if (conf.get("hadoop.http.authentication.type").equals("kerberos")) {
      try {
        URI url = new URI(requestPath);
        String challenge = YarnClientUtils.generateToken(url.getHost());
        builder.header(HttpHeaders.AUTHORIZATION, "Negotiate " + challenge);
      } catch (Exception e) {
        throw new IOException(e);
      }
    }
So we always get a 401 error, since there is no auth handling for Knox.