[ https://issues.apache.org/jira/browse/NIFI-1924?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15306169#comment-15306169 ]
Andre commented on NIFI-1924: ----------------------------- {{core-site.xml}} had to be changed to include: {code} <property> <name>hadoop.security.authentication</name> <value>kerberos</value> </property> {code} However, despite Kerberos is starting to be called (note {{GETDELEGATIONTOKEN}} ). {code} GET /webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=keytab-user HTTP/1.1 User-Agent: Java/1.8.0_71 Host: host:14000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive {code} Authentication still not possible, with result being: {code} HTTP/1.1 401 Unauthorized Server: Apache-Coyote/1.1 WWW-Authenticate: Negotiate WWW-Authenticate: Basic realm="WebLogin" Set-Cookie: hadoop.auth=; Path=/; Domain=.realm.domain.org; Expires=Thu, 01-Jul-2016 00:00:00 GMT; HttpOnly Content-Type: text/html;charset=utf-8 Content-Length: 1023 Date: Mon, 30 May 2016 01:47:47 GMT {code} [~bbende], this seems to be connected to SPNEGO vs. Delegation token which from what I gather seems to be a reasonably common issue when using webhdfs with Kerberos. Would you have any idea how to overcome this? > Create set of WebHDFS processors > -------------------------------- > > Key: NIFI-1924 > URL: https://issues.apache.org/jira/browse/NIFI-1924 > Project: Apache NiFi > Issue Type: Improvement > Reporter: Andre > > Create processors to handle, > Supported commands for WebHDFS V1 > * GET -> GetWebHDFS > * OPEN > * GETFILESTATUS > * LISTSTATUS > * GETCONTENTSUMMARy > * GETFILECHECKSUM > * GETHOMEDIRECTORY > * GETDELEGATIONTOKEN > * GETDELEGATIONTOKENS > * GETXATTRS > * LISTXATTRS > * CHECKACCESS > * PUT -> PutWebHDFS > * CREATE > * MKDIRS > * CREATESYMLINK > * RENAME > * SETREPLICATION > * SETOWNER > * SETPERMISSION > * SETTIMES > * RENEWDELEGATIONTOKEN > * CANCELDELEGATIONTOKEN > * CREATESNAPSHOT > * RENAMESNAPSHOT > * SETXATTR > * REMOVEXATTR > * POST -> PostWebHDFS > * APPEND > * CONCAT > * TRUNCATE > * DELETE -> DeleteWebHDFS > * DELETE > * DELETESNAPSHOT > operations against WebHDFS as discussed here: > http://mail-archives.apache.org/mod_mbox/nifi-users/201604.mbox/%3CCABtjSZk2KLJJVk%2Byk-ySioPxVUV5SLHcN%2BaWMZs1ARpkfy%2B0Ow%40mail.gmail.com%3E > Required Processor Properties: > * Namenode Host > * WebHDFS port > * WebHDFS API version. Default to v1. Dropdown list of available options. > Currently there is only v1 but would be good to have that in place to show > our intentions. > * Hadoop configuration files. core-site.xml and hdfs-site.xml. These > configurations files should not be required to keep things lite. However they > would be required to access a kerberized Hadoop cluster. If these > configuration files are present they should take precedence over the > properties set in NameNode host and WebHDFS port. -- This message was sent by Atlassian JIRA (v6.3.4#6332)