Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Threaded View
MapReduce >> mail # user >> hadoop web UI security


Copy link to this message
-
Re: hadoop web UI security
Ohh god i think i have messed up!!!!!! badly............  I think my only
option is to go for custom writing an AuthenticatorHandler as mentioned
here http://hadoop.apache.org/docs/stable/HttpAuthentication.html
does anyone know any links on how to do it......

 Thanks a lot harsh...........

On Wed, Sep 11, 2013 at 9:37 PM, Harsh J <[EMAIL PROTECTED]> wrote:

> What you're seeing is the right behavior for the auth type "simple".
> It just expects a username, and doesn't do anything other than that -
> i.e. there's no passwords/etc. or a user list to cross-reference to.
>
> For securing properly, you'd either need to use kerberos, or develop
> your own HTTP auth filter that allows only certain usernames or
> expects a password string too/do some other auth mechanism/etc.
>
> On Wed, Sep 11, 2013 at 1:16 PM, Visioner Sadak
> <[EMAIL PROTECTED]> wrote:
> > Hello friends i m using the below configuration to hide hadoop web UI
>  the
> > problem is that when i access
> >
> > http://192.34.8.8:50070/    it  works properly and blocks access but
> when i
> > use
> >
> >
> > http://192.34.8.8:50070/dfshealth.jsp?user.name=blahblahh(any
> > username)...... it failes and allows access even if i set my signature
> > username as hadoopuser
> >
> > its allowing  access for any  username
> >
> >
> > <property>
> > <name>hadoop.http.filter.initializers</name>
> >
>  <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
> > </property>
> >
> > <property>
> > <name>hadoop.http.authentication.type</name>
> >  <value>simple</value>
> > </property>
> >
> > <property>
> >  <name>hadoop.http.authentication.token.validity</name>
> >  <value>60</value>
> > </property>
> >
> > <property>
> > <name>hadoop.http.authentication.signature.secret.file</name>
> > <value>/home/hadoop/hadoop-0.23.3/conf/security/username</value>
> > </property>
> >
> > <property>
> > <name>hadoop.http.authentication.cookie.domain</name>
> > <value>
> > </value>
> > </property>
> >
> > <property>
> > <name>hadoop.http.authentication.simple.anonymous.allowed</name>
> > <value>false</value>
> > </property>
>
>
>
> --
> Harsh J
>
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB