[jira] [Commented] (HADOOP-9054) Add AuthenticationHandler that uses Kerberos but allows for an alternate form of authentication for browsers
[ https://issues.apache.org/jira/browse/HADOOP-9054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13527106#comment-13527106 ]

Hudson commented on HADOOP-9054:

Integrated in Hadoop-Yarn-trunk #59 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk/59/])
HADOOP-9054. Add AuthenticationHandler that uses Kerberos but allows for an alternate form of authentication for browsers. (rkanter via tucu) (Revision 1418429)

Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1418429
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/pom.xml
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/site/apt/Configuration.apt.vm
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/site/apt/index.apt.vm
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAltKerberosAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt

Add AuthenticationHandler that uses Kerberos but allows for an alternate form of authentication for browsers

Key: HADOOP-9054
URL: https://issues.apache.org/jira/browse/HADOOP-9054
Project: Hadoop Common
Issue Type: New Feature
Components: security
Reporter: Robert Kanter
Assignee: Robert Kanter
Fix For: 2.0.3-alpha
Attachments: HADOOP-9054.patch, HADOOP-9054.patch, HADOOP-9054.patch, HADOOP-9054.patch

It would be useful for some Oozie users if, when using Kerberos, that browser access to the oozie web UI could be authenticated in a different way (w/o Kerberos).
This may be useful for other projects using Hadoop-Auth, so this feature is to add a new AuthenticationHandler that uses Kerberos by default, unless a browser (user-agents are configurable) is used, in which case some other form of authentication can be used.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-9054) Add AuthenticationHandler that uses Kerberos but allows for an alternate form of authentication for browsers
[ https://issues.apache.org/jira/browse/HADOOP-9054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13526582#comment-13526582 ]

Hadoop QA commented on HADOOP-9054:

+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12556379/HADOOP-9054.patch
against trunk revision .

+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 2 new or modified test files.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-auth.
+1 contrib tests. The patch passed contrib unit tests.

Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/1838//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/1838//console

This message is automatically generated.
[jira] [Commented] (HADOOP-9054) Add AuthenticationHandler that uses Kerberos but allows for an alternate form of authentication for browsers
[ https://issues.apache.org/jira/browse/HADOOP-9054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13526647#comment-13526647 ]

Hudson commented on HADOOP-9054:

Integrated in Hadoop-trunk-Commit #3098 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/3098/])
HADOOP-9054. Add AuthenticationHandler that uses Kerberos but allows for an alternate form of authentication for browsers. (rkanter via tucu) (Revision 1418429)

Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1418429
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/pom.xml
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/site/apt/Configuration.apt.vm
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/site/apt/index.apt.vm
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAltKerberosAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
[jira] [Commented] (HADOOP-9054) Add AuthenticationHandler that uses Kerberos but allows for an alternate form of authentication for browsers
[ https://issues.apache.org/jira/browse/HADOOP-9054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13507599#comment-13507599 ]

Alejandro Abdelnur commented on HADOOP-9054:

+1.

On Allen's comment "the user is going to get bounced around a lot. As a result, this means they might need to re-authenticate on every host if one isn't careful about the implementation."

Hadoop-Auth already has provisions for this by allowing you to define a cookie domain. Once you have a hadoop-auth cookie, the authentication-handler code does not kick in until the cookie expires.

Key: HADOOP-9054
URL: https://issues.apache.org/jira/browse/HADOOP-9054
Project: Hadoop Common
Issue Type: New Feature
Components: security
Reporter: Robert Kanter
Assignee: Robert Kanter
Fix For: 2.0.3-alpha
Attachments: HADOOP-9054.patch, HADOOP-9054.patch
[jira] [Commented] (HADOOP-9054) Add AuthenticationHandler that uses Kerberos but allows for an alternate form of authentication for browsers
[ https://issues.apache.org/jira/browse/HADOOP-9054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13500368#comment-13500368 ]

Robert Kanter commented on HADOOP-9054:

This is to make it easier for others to implement their own AuthenticationHandler that uses Kerberos in some cases and their own authentication mechanism (which they have to implement themselves; I'll be making an abstract class) in other cases (i.e. browser access). So, I don't think I'd call it chain-able, but maybe mixed.

Key: HADOOP-9054
URL: https://issues.apache.org/jira/browse/HADOOP-9054
Project: Hadoop Common
Issue Type: New Feature
Components: security
Reporter: Robert Kanter
Assignee: Robert Kanter
Fix For: 1.2.0, 2.0.3-alpha
[jira] [Commented] (HADOOP-9054) Add AuthenticationHandler that uses Kerberos but allows for an alternate form of authentication for browsers
[ https://issues.apache.org/jira/browse/HADOOP-9054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13500456#comment-13500456 ]

Allen Wittenauer commented on HADOOP-9054:

Maybe this is a dumb question but... why does Apache Hadoop need to provide this code, given that this is already pluggable allowing users to provide their own bits now? In other words, if they already have this need to provide two (essentially) incompatible mechanisms, what prevents them?
[jira] [Commented] (HADOOP-9054) Add AuthenticationHandler that uses Kerberos but allows for an alternate form of authentication for browsers
[ https://issues.apache.org/jira/browse/HADOOP-9054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13500462#comment-13500462 ]

Robert Kanter commented on HADOOP-9054:

I suppose there's nothing preventing them from doing it themselves, but this should make it easier as they won't have to worry about Kerberos or managing the two authentication mechanisms; all they'd have to do is implement one method to authenticate using their mechanism and get the other stuff for free from this code.
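
As an added illustration (not part of this thread and not Hadoop-Auth's code), the design discussed in these messages can be modelled with the JDK alone: an unexpired auth cookie short-circuits the handler, otherwise the User-Agent only selects which mechanism runs, and both mechanisms must still authenticate. All class and method names, the sample credentials, and the choice to configure markers of non-browser clients are assumptions of this sketch.

```java
import java.util.Locale;
import java.util.Optional;

// Added sketch, not Hadoop-Auth code: every class and method name here is hypothetical.
public class MixedAuthSketch {
    /** The one piece an implementer supplies: how a browser user is authenticated. */
    interface AlternateAuth { Optional<String> authenticate(String credential); }

    /** Models the auth cookie: a user name plus an expiry time in milliseconds. */
    static final class Token {
        final String user; final long expiresAt;
        Token(String user, long expiresAt) { this.user = user; this.expiresAt = expiresAt; }
    }

    private final String[] nonBrowserAgents;  // assumed config: markers of non-browser clients
    private final AlternateAuth alternate;

    MixedAuthSketch(AlternateAuth alternate, String... nonBrowserAgents) {
        this.alternate = alternate;
        this.nonBrowserAgents = nonBrowserAgents;
    }

    boolean isBrowser(String userAgent) {
        if (userAgent == null) return false;          // no header: stay on the Kerberos path
        String ua = userAgent.toLowerCase(Locale.ROOT);
        for (String marker : nonBrowserAgents) {
            if (ua.contains(marker)) return false;
        }
        return true;
    }

    /** Stand-in for the Kerberos path; a real handler validates a SPNEGO token here. */
    Optional<String> kerberos(String negotiateToken) {
        return "constructed-valid-ticket".equals(negotiateToken)
                ? Optional.of("alice@EXAMPLE.COM") : Optional.empty();
    }

    /** Empty means "challenge the client". The User-Agent selects a path, never grants access. */
    Optional<String> authenticate(String userAgent, String credential, Token cookie, long now) {
        if (cookie != null && cookie.expiresAt > now) return Optional.of(cookie.user);
        return isBrowser(userAgent) ? alternate.authenticate(credential) : kerberos(credential);
    }

    public static void main(String[] args) {
        MixedAuthSketch h = new MixedAuthSketch(
            c -> "constructed-form-login".equals(c) ? Optional.of("bob") : Optional.empty(),
            "java", "curl", "wget");                  // constructed sample configuration
        String browser = "Mozilla/5.0 (X11; Linux)";  // constructed sample User-Agent
        long now = 1_000L;
        System.out.println(h.authenticate("curl/7.29.0", "constructed-valid-ticket", null, now));
        System.out.println(h.authenticate(browser, "constructed-form-login", null, now));
        System.out.println(h.authenticate(browser, "constructed-valid-ticket", null, now));
        System.out.println(h.authenticate(browser, null, new Token("bob", 2_000L), now));
    }
}
```

The third call shows that a client presenting a browser User-Agent is held to the alternate mechanism's check, so the alternate path has to be as trustworthy as the Kerberos one.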
[jira] [Commented] (HADOOP-9054) Add AuthenticationHandler that uses Kerberos but allows for an alternate form of authentication for browsers
[ https://issues.apache.org/jira/browse/HADOOP-9054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13499512#comment-13499512 ]

Allen Wittenauer commented on HADOOP-9054:

On the Hadoop side, the authentication handler is already plug-able. So it looks like you want to make them chain-able?

Also keep in mind that on the Hadoop-side, the user is going to get bounced around a lot. As a result, this means they might need to re-authenticate on every host if one isn't careful about the implementation.