Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
MapReduce >> mail # user >> hadoop web UI security


Copy link to this message
-
Re: hadoop web UI security
What you're seeing is the right behavior for the auth type "simple".
It just expects a username, and doesn't do anything other than that -
i.e. there's no passwords/etc. or a user list to cross-reference to.

For securing properly, you'd either need to use kerberos, or develop
your own HTTP auth filter that allows only certain usernames or
expects a password string too/do some other auth mechanism/etc.

On Wed, Sep 11, 2013 at 1:16 PM, Visioner Sadak
<[EMAIL PROTECTED]> wrote:
> Hello friends i m using the below configuration to hide hadoop web UI  the
> problem is that when i access
>
> http://192.34.8.8:50070/    it  works properly and blocks access but when i
> use
>
>
> http://192.34.8.8:50070/dfshealth.jsp?user.name=blahblahh(any
> username)...... it failes and allows access even if i set my signature
> username as hadoopuser
>
> its allowing  access for any  username
>
>
> <property>
> <name>hadoop.http.filter.initializers</name>
>  <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
> </property>
>
> <property>
> <name>hadoop.http.authentication.type</name>
>  <value>simple</value>
> </property>
>
> <property>
>  <name>hadoop.http.authentication.token.validity</name>
>  <value>60</value>
> </property>
>
> <property>
> <name>hadoop.http.authentication.signature.secret.file</name>
> <value>/home/hadoop/hadoop-0.23.3/conf/security/username</value>
> </property>
>
> <property>
> <name>hadoop.http.authentication.cookie.domain</name>
> <value>
> </value>
> </property>
>
> <property>
> <name>hadoop.http.authentication.simple.anonymous.allowed</name>
> <value>false</value>
> </property>

--
Harsh J