[
https://issues.apache.org/jira/browse/KNOX-27?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13674038#comment-13674038
]
Dilli Arumugam commented on KNOX-27:
------------------------------------
Larry,
Work on eliminating the dependency on system property for determining
whether do pass doas parameter is planned. Kevin also pointed the need
for this.
At the same time, one Gateway supporting multiple clusters with each
cluster having its own KDC would be challenging. Kerberos JAAS config
properties have to be set globally at JDK level of Gateway.
As I understand HSSO roadmap also requires one Gateway per cluster.
We could discuss this over chat or phone to get better clarification.
Thanks
Dilli
> Access Kerberos secured Hadoop cluster via gateway using basic auth
> credentials
> -------------------------------------------------------------------------------
>
> Key: KNOX-27
> URL: https://issues.apache.org/jira/browse/KNOX-27
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Reporter: Kevin Minder
> Assignee: Dilli Arumugam
> Attachments: KNOX-27.patch, knox-with-secure-cluster.patch
>
>
> From BUG-4306
> The basic interactions flow might look like this.
> 1. Client requests HDFS resource via gateway
> 2. Gateway challenges with basic auth
> 3. Gateway authenticates with KDC and receives token
> 4. Gateway forwards original request to service
> 5. Service challenges with SPNEGO
> 6. Gateway provides token received from KDC
> 7. Service provides response including hadoop.auth cookie. This prevents
> subsequent KDC and SPNEGO interactions.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
