[
https://issues.apache.org/jira/browse/HDFS-4585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13601144#comment-13601144
]
Daryn Sharp commented on HDFS-4585:
-----------------------------------
Yes, HADOOP-8616 does appear to resolve the issue. My lingering concern is why
curl and hadoop handle cross-realm authed users differently. One of them
probably isn't strictly compliant with the SPNEGO spec. Ie. Either curl is
sending additional unnecessary info, or hadoop isn't sending enough yet still
"works", or both of their behavior is acceptable per the spec?
> Webhdfs sometimes can't negotiate a SPNEGO token
> ------------------------------------------------
>
> Key: HDFS-4585
> URL: https://issues.apache.org/jira/browse/HDFS-4585
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: webhdfs
> Affects Versions: 2.0.0-alpha, 3.0.0, 0.23.7
> Reporter: Daryn Sharp
>
> I'm not sure if this is a curl problem or webhdfs problem, but webhdfs will
> reject some users because the Authorization header is too big. In the case
> below, the header contains 4041 bytes, whereas a keytab user is generating
> 1745 bytes. The failed user can use webhdfs via "hadoop fs", but not via
> curl.
> {noformat}
> curl -v --negotiate -u : 'http://host/webhdfs/v1/?op=GETDELEGATIONTOKEN'
> > GET /webhdfs/v1/?op=GETDELEGATIONTOKEN HTTP/1.1
> > Authorization: Negotiate <<4041 bytes>>
> > User-Agent: curl/7.19.5
> > Host: host
> > Accept: */*
> >
> < HTTP/1.1 413 FULL head
> < Connection: close
> < Server: Jetty(6.1.26)
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
