[
https://issues.apache.org/jira/browse/HADOOP-16287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16839156#comment-16839156
]
Prabhu Joseph commented on HADOOP-16287:
----------------------------------------
[~eyang] Have added new filter initializer
{{ProxyUserAuthenticationFilterInitializer}} which adds
{{ProxyUserAuthenticationFilter}} in [^HADOOP-16287-006.patch] and below
documentation.
{code}
Trusted Proxy
------------------
Trusted Proxy adds support to perform operations using end user instead of
proxy user. It fetches the end user from doAs query parameter. To enable
Trusted Proxy, please set the following configuration parameter:
Add
org.apache.hadoop.security.authentication.server.ProxyUserAuthenticationFilterInitializer
to hadoop.http.filter.initializers at the end in core-site.xml.
{code}
> KerberosAuthenticationHandler Trusted Proxy Support for Knox
> ------------------------------------------------------------
>
> Key: HADOOP-16287
> URL: https://issues.apache.org/jira/browse/HADOOP-16287
> Project: Hadoop Common
> Issue Type: New Feature
> Components: auth
> Affects Versions: 3.2.0
> Reporter: Prabhu Joseph
> Assignee: Prabhu Joseph
> Priority: Major
> Attachments: HADOOP-16287-001.patch, HADOOP-16287-002.patch,
> HADOOP-16287-004.patch, HADOOP-16287-005.patch, HADOOP-16287-006.patch,
> HADOOP-16827-003.patch
>
>
> Knox passes doAs with end user while accessing RM, WebHdfs Rest Api.
> Currently KerberosAuthenticationHandler sets the remote user to Knox. Need
> Trusted Proxy Support by reading doAs query parameter.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
