[
https://issues.apache.org/jira/browse/KNOX-2612?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17360185#comment-17360185
]
Rohan Nimmagadda edited comment on KNOX-2612 at 6/9/21, 4:41 PM:
-----------------------------------------------------------------
[~lmccay] The config property hadoop.http.authentication.type, if this is set
to Kerberos, then accessing UIs would need Kerberos credentials on the
client.i'm fine with that , if Knox+webHDFS works in this case.
hadoop.http.authentication.type=kerberos
hadoop.http.authentication.simple.anonymous.allowed=false
and from Knox standpoint, we are getting exception when we set HTTP auth type
to kerberos , in this case webHDFS is secured and Knox is ldap auth
[https://knoxhostname:8443/gateway/default/webhdfs/v1/user/?op=LISTSTATUS|https://drcn1002.target.com:8443/gateway/bigred/webhdfs/v1/user/?op=LISTSTATUS]
\{"RemoteException":{"exception":"UnsupportedOperationException","javaClassName":"java.lang.UnsupportedOperationException","message":"op=NULL
is not supported"}}
was (Author: rohannimmagadda):
[~lmccay] The config property hadoop.http.authentication.type, if this is set
to Kerberos, then accessing UIs would need Kerberos credentials on the
client.i'm fine with that , if Knox+webHDFS works in this case.
hadoop.http.authentication.type=kerberos
hadoop.http.authentication.simple.anonymous.allowed=false
and from Knox standpoint, we are getting exception when we set HTTP auth type
to kerberos , in this case both webHDFS and Knox are secured
[https://knoxhostname:8443/gateway/default/webhdfs/v1/user/?op=LISTSTATUS|https://drcn1002.target.com:8443/gateway/bigred/webhdfs/v1/user/?op=LISTSTATUS]
{"RemoteException":\{"exception":"UnsupportedOperationException","javaClassName":"java.lang.UnsupportedOperationException","message":"op=NULL
is not supported"}}
> Knox + webHDFS is not working with Hadoop 3.3
> ----------------------------------------------
>
> Key: KNOX-2612
> URL: https://issues.apache.org/jira/browse/KNOX-2612
> Project: Apache Knox
> Issue Type: Bug
> Components: KnoxSSO, Server
> Affects Versions: 1.4.0, 1.5.0
> Reporter: Rohan Nimmagadda
> Priority: Blocker
>
> Hadoop 3.3 Webhdfs is not working with Knox end point getting below exception
> Tried hadoop side of things by changing hadoop.http.filter.initializers in
> core-site to default AuthFilter and
> org.apache.hadoop.security.AuthenticationFilterInitializer value
> result shows same having issues with webHDFS
> Knox Webhdfs API :
> [https://knoxhost:8443/gateway/default/webhdfs/v1/tmp/?|https://drcn1003.target.com:8443/gateway/bigred/webhdfs/v1/tmp/?]
> &op=LISTSTATUS
> {"RemoteException":\{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed
> to obtain user group information: java.io.IOException: Security enabled but
> user not authenticated by filter"}}
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
