i was testing using the acl for spark ui in secure mode on yarn in client
mode.
it works great. my spark 1.0.0 configuration has:
spark.authenticate = true
spark.ui.acls.enable = true
spark.ui.view.acls = koert
spark.ui.filters =
org.apache.hadoop.security.authentication.server.AuthenticationFilter
spark.org.apache.hadoop.security.authentication.server.AuthenticationFilter.params="type=kerberos,kerberos.principal=HTTP/mybox@MYDOMAIN
,kerberos.keytab=/some/keytab"
i confirmed that i can access the ui from firefox after doing kinit.
however i also saw this in the logs of my driver program:
2014-07-07 17:21:56 DEBUG server.Server: RESPONSE /broadcast_0 401
handled=true
and
2014-07-07 17:21:56 DEBUG server.Server: REQUEST
/jars/somejar-assembly-0.1-SNAPSHOT.jar on BlockingHttpConnection@3d6396f5
,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParse\
r{s=-5,l=10,c=0},r=1
2014-07-07 17:21:56 DEBUG server.Server: RESPONSE
/jars/somejar-assembly-0.1-SNAPSHOT.jar 401 handled=true
what does this mean? is the webserver also responsible for handing out
other stuff such as broadcast variables and jars, and is this now being
rejected by my servlet filter? thats not good... the 401 response is
exactly the same one i see when i try to access the website after kdestroy.
for example:
2014-07-07 17:35:08 DEBUG server.AuthenticationFilter: Request [
http://mybox:5001/] triggering authentication
2014-07-07 17:35:08 DEBUG server.Server: RESPONSE / 401 handled=true
