[ https://issues.apache.org/jira/browse/ACCUMULO-3490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14320694#comment-14320694 ]
Josh Elser commented on ACCUMULO-3490: -------------------------------------- Looks like hadoop-auth contains an AuthenticationFilter class which can be configured with Jetty: https://github.com/apache/hadoop/blob/f71eb51ab8109c14e8e921751dd5de603bdf2bde/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java Its usage in HBase: https://github.com/apache/hbase/blob/master/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java#L927 > Enable SPNEGO authentication for monitor > ---------------------------------------- > > Key: ACCUMULO-3490 > URL: https://issues.apache.org/jira/browse/ACCUMULO-3490 > Project: Accumulo > Issue Type: Improvement > Components: monitor > Reporter: Josh Elser > Assignee: Josh Elser > Fix For: 1.7.0 > > > In non-technical terms, if we configure the monitor to support SPNEGO, we can > get KRB authentication of clients trying to connect to the Accumulo monitor. > This is a typical deployment decision made with Hadoop to protect things like > the NN overview page and the RM page. > Including some authentication for the monitor has some general benefit. It > would also be a neat integration with the shell servlet -- automatically log > you in and start using the shell in your web-browser. -- This message was sent by Atlassian JIRA (v6.3.4#6332)