[jira] [Comment Edited] (HADOOP-16287) KerberosAuthenticationHandler Trusted Proxy Support for Knox

2019-05-07 Thread Prabhu Joseph (JIRA)


[ 
https://issues.apache.org/jira/browse/HADOOP-16287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16834607#comment-16834607
 ] 

Prabhu Joseph edited comment on HADOOP-16287 at 5/7/19 12:17 PM:
-

[~daryn] [~eyang] Thanks for the review. When testing the patch-001 with YARN 
RM UI and Knox Gateway using multiple browsers in parallel, observed AuthToken 
for user1 is used for all the subsequent operations.

Have set the impersonated user in http request attribute "doAsUser". YARN RM UI 
code will define a filter initializer which adds the 
{{ProxyUserAuthenticationFIlter}}. RM UI code can lists apps based on the end 
user instead of proxy user.


was (Author: prabhu joseph):
[~daryn] [~eyang] Thanks for the review. When testing the patch-001 with YARN 
RM UI and Knox Gateway using multiple browsers in parallel, observed AuthToken 
for user1 is used for all the subsequent operations.

Have set the impersonated user in http request attribute "proxyUser". YARN RM 
UI code will define a filter initializer which adds the 
{{ProxyUserAuthenticationFIlter}}. RM UI code can lists apps based on the end 
user instead of proxy user.

> KerberosAuthenticationHandler Trusted Proxy Support for Knox
> 
>
> Key: HADOOP-16287
> URL: https://issues.apache.org/jira/browse/HADOOP-16287
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: auth
>Affects Versions: 3.2.0
>Reporter: Prabhu Joseph
>Assignee: Prabhu Joseph
>Priority: Major
> Attachments: HADOOP-16287-001.patch, HADOOP-16287-002.patch, 
> HADOOP-16827-003.patch
>
>
> Knox passes doAs with end user while accessing RM, WebHdfs Rest Api. 
> Currently KerberosAuthenticationHandler sets the remote user to Knox. Need 
> Trusted Proxy Support by reading doAs query parameter.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org



[jira] [Comment Edited] (HADOOP-16287) KerberosAuthenticationHandler Trusted Proxy Support for Knox

2019-05-23 Thread Eric Yang (JIRA)


[ 
https://issues.apache.org/jira/browse/HADOOP-16287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16846799#comment-16846799
 ] 

Eric Yang edited comment on HADOOP-16287 at 5/23/19 3:40 PM:
-

I just committed this to trunk.  
Thank you [~Prabhu Joseph] for the patch.
Thank you [~lmccay] for the review.


was (Author: eyang):
I just committed this to trunk.  Thank you [~Prabhu Joseph].

> KerberosAuthenticationHandler Trusted Proxy Support for Knox
> 
>
> Key: HADOOP-16287
> URL: https://issues.apache.org/jira/browse/HADOOP-16287
> Project: Hadoop Common
>  Issue Type: Sub-task
>  Components: auth
>Affects Versions: 3.2.0
>Reporter: Prabhu Joseph
>Assignee: Prabhu Joseph
>Priority: Major
> Fix For: 3.3.0
>
> Attachments: HADOOP-16287-001.patch, HADOOP-16287-002.patch, 
> HADOOP-16287-004.patch, HADOOP-16287-005.patch, HADOOP-16287-006.patch, 
> HADOOP-16287-007.patch, HADOOP-16827-003.patch
>
>
> Knox passes doAs with end user while accessing RM, WebHdfs Rest Api. 
> Currently KerberosAuthenticationHandler sets the remote user to Knox. Need 
> Trusted Proxy Support by reading doAs query parameter.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org