Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
MapReduce, mail # user - hadoop web UI security


+
Visioner Sadak 2013-09-11, 07:46
+
Visioner Sadak 2013-09-11, 10:08
+
Harsh J 2013-09-11, 16:07
Copy link to this message
-
Re: hadoop web UI security
Visioner Sadak 2013-09-11, 19:32
Ohh god i think i have messed up!!!!!! badly............  I think my only
option is to go for custom writing an AuthenticatorHandler as mentioned
here http://hadoop.apache.org/docs/stable/HttpAuthentication.html
does anyone know any links on how to do it......

 Thanks a lot harsh...........

On Wed, Sep 11, 2013 at 9:37 PM, Harsh J <[EMAIL PROTECTED]> wrote:

> What you're seeing is the right behavior for the auth type "simple".
> It just expects a username, and doesn't do anything other than that -
> i.e. there's no passwords/etc. or a user list to cross-reference to.
>
> For securing properly, you'd either need to use kerberos, or develop
> your own HTTP auth filter that allows only certain usernames or
> expects a password string too/do some other auth mechanism/etc.
>
> On Wed, Sep 11, 2013 at 1:16 PM, Visioner Sadak
> <[EMAIL PROTECTED]> wrote:
> > Hello friends i m using the below configuration to hide hadoop web UI
>  the
> > problem is that when i access
> >
> > http://192.34.8.8:50070/    it  works properly and blocks access but
> when i
> > use
> >
> >
> > http://192.34.8.8:50070/dfshealth.jsp?user.name=blahblahh(any
> > username)...... it failes and allows access even if i set my signature
> > username as hadoopuser
> >
> > its allowing  access for any  username
> >
> >
> > <property>
> > <name>hadoop.http.filter.initializers</name>
> >
>  <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
> > </property>
> >
> > <property>
> > <name>hadoop.http.authentication.type</name>
> >  <value>simple</value>
> > </property>
> >
> > <property>
> >  <name>hadoop.http.authentication.token.validity</name>
> >  <value>60</value>
> > </property>
> >
> > <property>
> > <name>hadoop.http.authentication.signature.secret.file</name>
> > <value>/home/hadoop/hadoop-0.23.3/conf/security/username</value>
> > </property>
> >
> > <property>
> > <name>hadoop.http.authentication.cookie.domain</name>
> > <value>
> > </value>
> > </property>
> >
> > <property>
> > <name>hadoop.http.authentication.simple.anonymous.allowed</name>
> > <value>false</value>
> > </property>
>
>
>
> --
> Harsh J
>