[
https://issues.apache.org/jira/browse/HDFS-5796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14220063#comment-14220063
]
Arun Suresh commented on HDFS-5796:
-----------------------------------
[~benoyantony], Thanks for the pointer to HADOOP-10709
>From what I understand after going thru the patch, it looks like you have a
>_TokenAuthFIlter_ that SKIPs authentication if it finds a DelegationToken in
>the request attribute. But for the delegation token to be there in the first
>place, it would require the user to be get authenticated atleast once (the
>first time).. which is the problem I was trying to solve...
Basically, I was trying to bring the current NN Web UI to user experience
parity prior to HDFS-5382. Correct me if I am wrong, but prior to that, even on
a secure cluster, Web UI access was basically un-authenticated (as _dr.who_
always)..
> The file system browser in the namenode UI requires SPNEGO.
> -----------------------------------------------------------
>
> Key: HDFS-5796
> URL: https://issues.apache.org/jira/browse/HDFS-5796
> Project: Hadoop HDFS
> Issue Type: Bug
> Affects Versions: 2.5.0
> Reporter: Kihwal Lee
> Assignee: Arun Suresh
> Attachments: HDFS-5796.1.patch, HDFS-5796.1.patch
>
>
> After HDFS-5382, the browser makes webhdfs REST calls directly, requiring
> SPNEGO to work between user's browser and namenode. This won't work if the
> cluster's security infrastructure is isolated from the regular network.
> Moreover, SPNEGO is not supposed to be required for user-facing web pages.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
