[
https://issues.apache.org/jira/browse/ACCUMULO-3490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14320694#comment-14320694
]
Josh Elser commented on ACCUMULO-3490:
--------------------------------------
Looks like hadoop-auth contains an AuthenticationFilter class which can be
configured with Jetty:
https://github.com/apache/hadoop/blob/f71eb51ab8109c14e8e921751dd5de603bdf2bde/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
Its usage in HBase:
https://github.com/apache/hbase/blob/master/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java#L927
> Enable SPNEGO authentication for monitor
> ----------------------------------------
>
> Key: ACCUMULO-3490
> URL: https://issues.apache.org/jira/browse/ACCUMULO-3490
> Project: Accumulo
> Issue Type: Improvement
> Components: monitor
> Reporter: Josh Elser
> Assignee: Josh Elser
> Fix For: 1.7.0
>
>
> In non-technical terms, if we configure the monitor to support SPNEGO, we can
> get KRB authentication of clients trying to connect to the Accumulo monitor.
> This is a typical deployment decision made with Hadoop to protect things like
> the NN overview page and the RM page.
> Including some authentication for the monitor has some general benefit. It
> would also be a neat integration with the shell servlet -- automatically log
> you in and start using the shell in your web-browser.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
