Hi Dapeng, I am trying to use Sentry webserver in kerberos mode according to https://cwiki.apache.org/confluence/display/SENTRY/Sentry+Webserver+Kerberos+Authentication+and+Authorization+Configuration
Although I am able to write a java client as in test TestSentryWebServerWithKerberos.java <https://github.com/apache/incubator-sentry/blob/master/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java>, I am not able to use curl as: kinit -kt /path/..keytab principal_shortname curl -i --negotiate -u : "http://host:port/conf"; I see an error like "Error 403 GSSException: No valid credentials provided". Which makes me believe that the ticket is not being propagated correctly or there is some silly problem in the way I am using curl. But I tried accessing WebHDFS similarly and I am able to. curl -i --negotiate -u : "http://host:port/webhdfs/v1/user?op=LISTSTATUS"; Have you tried the curl way with Sentry web server and were you successful? Or has any one tried this yet? Thanks! -- Sravya Tirukkovalur
