Have you tried enabling kerberos debugging on the server side? On May 5, 2016 10:50 AM, "Sravya Tirukkovalur" <[email protected]> wrote:
> Forwarding it to [email protected] instead of [email protected] > > ---------- Forwarded message ---------- > From: Sravya Tirukkovalur <[email protected]> > Date: Fri, Apr 29, 2016 at 2:51 PM > Subject: Sentry web server - Spnego > To: dev <[email protected]> > > > Hi Dapeng, > > I am trying to use Sentry webserver in kerberos mode according to > > https://cwiki.apache.org/confluence/display/SENTRY/Sentry+Webserver+Kerberos+Authentication+and+Authorization+Configuration > > Although I am able to write a java client as in test > TestSentryWebServerWithKerberos.java > < > https://github.com/apache/incubator-sentry/blob/master/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java > >, > I am not able to use curl as: > kinit -kt /path/..keytab principal_shortname > curl -i --negotiate -u : "http://host:port/conf"; > > I see an error like "Error 403 GSSException: No valid credentials > provided". Which makes me believe that the ticket is not being propagated > correctly or there is some silly problem in the way I am using curl. But I > tried accessing WebHDFS similarly and I am able to. > > curl -i --negotiate -u : "http://host:port/webhdfs/v1/user?op=LISTSTATUS"; > Have you tried the curl way with Sentry web server and were you successful? > Or has any one tried this yet? > > Thanks! > -- > Sravya Tirukkovalur > > > > -- > Sravya Tirukkovalur >
