[
https://issues.apache.org/jira/browse/HDFS-5796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14387306#comment-14387306
]
Allen Wittenauer commented on HDFS-5796:
----------------------------------------
Why are we rushing such an important issue? If 2.7 is "late" (whatever that
means), so be it.
That said, was this actually tested with an AltKerberos implementation that
passes custom settings through the initializer? At least from what we saw
prior to this flurry of patches getting pushed in, there was more to this than
just the auth cookie in the complex cases. Or should we just live with the
custom fix we put in place for our 2.4.1 deploy and make a new JIRA if/when
this breaks when we move to 3.x?
> The file system browser in the namenode UI requires SPNEGO.
> -----------------------------------------------------------
>
> Key: HDFS-5796
> URL: https://issues.apache.org/jira/browse/HDFS-5796
> Project: Hadoop HDFS
> Issue Type: Bug
> Affects Versions: 2.5.0
> Reporter: Kihwal Lee
> Assignee: Ryan Sasson
> Priority: Blocker
> Attachments: HDFS-5796.1.patch, HDFS-5796.1.patch, HDFS-5796.2.patch,
> HDFS-5796.3.patch, HDFS-5796.3.patch, HDFS-5796.4.patch
>
>
> After HDFS-5382, the browser makes webhdfs REST calls directly, requiring
> SPNEGO to work between user's browser and namenode. This won't work if the
> cluster's security infrastructure is isolated from the regular network.
> Moreover, SPNEGO is not supposed to be required for user-facing web pages.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
