----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72024/#review224105 -----------------------------------------------------------
What will happens at following situation? 1. A kerberosized browser with unauthorized principal want to login to ranger by HTML form using another user/password. 2. A kerberosized browser with different KDC want to login to ranger by by HTML form using another user/password. - Kirby Zhou On 二月 28, 2022, 7:35 p.m., Vishal Suvagia wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72024/ > ----------------------------------------------------------- > > (Updated 二月 28, 2022, 7:35 p.m.) > > > Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, > Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, > and Velmurugan Periasamy. > > > Bugs: RANGER-2704 > https://issues.apache.org/jira/browse/RANGER-2704 > > > Repository: ranger > > > Description > ------- > > Need to support browser login using kerberos authentication. Added a logout > for an unauthenticated user to redirect to the login page. > > > Diffs > ----- > > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java > 223a991c76bae7d25f5ce89604d0a8a90d426fe5 > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java > abbf2d983beb30b59e5d3f6429d6fc226f735793 > security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml > 0a1128613dca50fe67ea3f891261f1ee449c46db > > > Diff: https://reviews.apache.org/r/72024/diff/2/ > > > Testing > ------- > > Veriried kerberos ticket authentication is working on a kerberized browser. > > > Steps to test for a kerberized browser: > #1) For Kerberized browsers: > #1> To open Chrome in kerberos enabled mode need to run below command: > google-chrome --auth-server-whitelist="*ranger.testserver.com" > #2> For Firefox, need to go to about:configs and then search for > negotiate and then add the host domain > ranger.testserver.com to the property > "network.negotiate-auth.trusted-uris" > #2) Perform kinit with the required user. > #3) Open the Ranger Admin portal using FQDN of the server host. > > > File Attachments > ---------------- > > RANGER-2704.patch > > https://reviews.apache.org/media/uploaded/files/2020/01/17/8c9682ca-1ade-4281-89e7-d43a8af09300__RANGER-2704.patch > > > Thanks, > > Vishal Suvagia > >