[ https://issues.apache.org/jira/browse/HDDS-1901?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nanda kumar updated HDDS-1901: ------------------------------ Sprint: HDDS Biscayne > Fix Ozone HTTP WebConsole Authentication > ---------------------------------------- > > Key: HDDS-1901 > URL: https://issues.apache.org/jira/browse/HDDS-1901 > Project: Hadoop Distributed Data Store > Issue Type: Bug > Affects Versions: 0.4.0 > Reporter: Vivek Ratnavel Subramanian > Assignee: Xiaoyu Yao > Priority: Major > > This was found during integration testing where the http authentication is > enabled but anonymous can still access the ozone http web console like > scm:9876 or om:9874. This can be reproed with the following configurations > added to the ozonesecure docker-compose. > {code} > CORE-SITE.XML_hadoop.http.authentication.simple.anonymous.allowed=false > CORE-SITE.XML_hadoop.http.authentication.signature.secret.file=/etc/security/http_secret > CORE-SITE.XML_hadoop.http.authentication.type=kerberos > CORE-SITE.XML_hadoop.http.authentication.kerberos.principal=HTTP/_h...@example.com > CORE-SITE.XML_hadoop.http.authentication.kerberos.keytab=/etc/security/keytabs/HTTP.keytab > CORE-SITE.XML_hadoop.http.filter.initializers=org.apache.hadoop.security.AuthenticationFilterInitializer > {code} > After debugging into the KerberosAuthenticationFilter, the root cause is the > name of the keytab does not follow the AuthenticationFilter tradition. The > fix is to changeĀ > hdds.scm.http.kerberos.keytab.file to hdds.scm.http.kerberos.keytab and > hdds.om.http.kerberos.keytab.file to hdds.om.http.kerberos.keytab > I will also add an integration test for this under ozonesecure > docker-compose. -- This message was sent by Atlassian JIRA (v7.6.14#76016) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org