[ https://issues.apache.org/jira/browse/KNOX-25?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13966881#comment-13966881 ]
Dilli Arumugam commented on KNOX-25: ------------------------------------ revising summary to reflect the fact that Knox should support authenticating browser user with SPNego irrespective of whether Hadoop cluster is secure or not > Access Kerberos securKnox should support authentication using SPNEGO from > browser > --------------------------------------------------------------------------------- > > Key: KNOX-25 > URL: https://issues.apache.org/jira/browse/KNOX-25 > Project: Apache Knox > Issue Type: New Feature > Components: Server > Affects Versions: 0.2.0 > Reporter: Kevin Minder > Assignee: Dilli Arumugam > Fix For: 0.5.0 > > > From BUG-4304 > The basic interactions flow might look like this. > 1. Client authenticates with KDC > 2. Client requests HDFS resource via gateway > 3. Gateway forwards original request to service > 4. Service challenges with SPNEGO > 5. Gateway returns challenge to client. > 6. Client resends request with tokens > 7. Gateway dispatches request and tokens to service. > 8. Service provides response including hadoop.auth cookie. This prevents > subsequent KDC and SPNEGO interactions. -- This message was sent by Atlassian JIRA (v6.2#6252)