[jira] [Comment Edited] (KNOX-916) When REST endpoint enables SPNEGO and there is valid kerberos ticket cache for knox user, REST call through knox will show 401 error

Jeffrey E Rodriguez (JIRA) Thu, 30 Mar 2017 11:12:08 -0700

    [ 
https://issues.apache.org/jira/browse/KNOX-916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15949522#comment-15949522
 ]


Jeffrey E  Rodriguez edited comment on KNOX-916 at 3/30/17 6:11 PM:
--------------------------------------------------------------------

Sarah, any reason why we are running kinit "knox principal (knox/_HOSTNAME) " ? 
, in your testcase. As a user you shouldn't do that. 


was (Author: jeffreyr97):
Sarah, any reason why we are running kinit "knox principal (knox/_HOSTNAME) " ? 

> When REST endpoint enables SPNEGO and there is valid kerberos ticket cache 
> for knox user, REST call through knox will show 401 error
> ------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: KNOX-916
>                 URL: https://issues.apache.org/jira/browse/KNOX-916
>             Project: Apache Knox
>          Issue Type: Bug
>    Affects Versions: 0.11.0
>            Reporter: Shi Wang
>            Assignee: Shi Wang
>
> For example, if webhdfs uses SPNEGO authentication, and curl through knox, su 
> knoxuser and klist, if there is valid kerberos ticket cached for knoxuser, 
> then it will show 401 unauthorized error. But if the cached ticket expired or 
> do not have any cached ticket, could get 200 correct result.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Comment Edited] (KNOX-916) When REST endpoint enables SPNEGO and there is valid kerberos ticket cache for knox user, REST call through knox will show 401 error

Reply via email to