[ https://issues.apache.org/jira/browse/HADOOP-18666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17700590#comment-17700590 ]
ASF GitHub Bot commented on HADOOP-18666: ----------------------------------------- eubnara commented on PR #5480: URL: https://github.com/apache/hadoop/pull/5480#issuecomment-1469703918 what is the value of hadoop.http.filter.initializers in your env? > A whitelist of endpoints to skip Kerberos authentication doesn't work for > ResourceManager and Job History Server > ---------------------------------------------------------------------------------------------------------------- > > Key: HADOOP-18666 > URL: https://issues.apache.org/jira/browse/HADOOP-18666 > Project: Hadoop Common > Issue Type: Bug > Components: security > Reporter: YUBI LEE > Assignee: YUBI LEE > Priority: Major > Labels: pull-request-available > Attachments: HADOOP-18666-branch-3.3.4.patch > > > Thanks to HADOOP-16527, we can add a whitelist of endpoints to skip Kerberos > authentication such as {{/isActive}}, {{/jmx}}, {{/prom}}. > However, I found that ResourceManager and Job History Server doesn't repect > {{hadoop.http.authentication.kerberos.endpoint.whitelist}}. > To workaround this issue for ResourceManager, set > {{yarn.resourcemanager.webapp.delegation-token-auth-filter.enabled=true}} in > yarn-site.xml. > However, there is no workaround for Job History Server. > This bug is caused by {{HttpServer2#initSpnego}} call without proper > configurations which starts with "{{hadoop.http.authentication.}}". > I will make a PR soon. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org