[
https://issues.apache.org/jira/browse/NIFI-1924?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15306169#comment-15306169
]
Andre commented on NIFI-1924:
-----------------------------
{{core-site.xml}} had to be changed to include:
{code}
<property>
<name>hadoop.security.authentication</name>
<value>kerberos</value>
</property>
{code}
However, despite Kerberos is starting to be called (note {{GETDELEGATIONTOKEN}}
).
{code}
GET /webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=keytab-user HTTP/1.1
User-Agent: Java/1.8.0_71
Host: host:14000
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
{code}
Authentication still not possible, with result being:
{code}
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="WebLogin"
Set-Cookie: hadoop.auth=; Path=/; Domain=.realm.domain.org; Expires=Thu,
01-Jul-2016 00:00:00 GMT; HttpOnly
Content-Type: text/html;charset=utf-8
Content-Length: 1023
Date: Mon, 30 May 2016 01:47:47 GMT
{code}
[~bbende], this seems to be connected to SPNEGO vs. Delegation token which from
what I gather seems to be a reasonably common issue when using webhdfs with
Kerberos. Would you have any idea how to overcome this?
> Create set of WebHDFS processors
> --------------------------------
>
> Key: NIFI-1924
> URL: https://issues.apache.org/jira/browse/NIFI-1924
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Andre
>
> Create processors to handle,
> Supported commands for WebHDFS V1
> * GET -> GetWebHDFS
> * OPEN
> * GETFILESTATUS
> * LISTSTATUS
> * GETCONTENTSUMMARy
> * GETFILECHECKSUM
> * GETHOMEDIRECTORY
> * GETDELEGATIONTOKEN
> * GETDELEGATIONTOKENS
> * GETXATTRS
> * LISTXATTRS
> * CHECKACCESS
> * PUT -> PutWebHDFS
> * CREATE
> * MKDIRS
> * CREATESYMLINK
> * RENAME
> * SETREPLICATION
> * SETOWNER
> * SETPERMISSION
> * SETTIMES
> * RENEWDELEGATIONTOKEN
> * CANCELDELEGATIONTOKEN
> * CREATESNAPSHOT
> * RENAMESNAPSHOT
> * SETXATTR
> * REMOVEXATTR
> * POST -> PostWebHDFS
> * APPEND
> * CONCAT
> * TRUNCATE
> * DELETE -> DeleteWebHDFS
> * DELETE
> * DELETESNAPSHOT
> operations against WebHDFS as discussed here:
> http://mail-archives.apache.org/mod_mbox/nifi-users/201604.mbox/%3CCABtjSZk2KLJJVk%2Byk-ySioPxVUV5SLHcN%2BaWMZs1ARpkfy%2B0Ow%40mail.gmail.com%3E
> Required Processor Properties:
> * Namenode Host
> * WebHDFS port
> * WebHDFS API version. Default to v1. Dropdown list of available options.
> Currently there is only v1 but would be good to have that in place to show
> our intentions.
> * Hadoop configuration files. core-site.xml and hdfs-site.xml. These
> configurations files should not be required to keep things lite. However they
> would be required to access a kerberized Hadoop cluster. If these
> configuration files are present they should take precedence over the
> properties set in NameNode host and WebHDFS port.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
