Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Plain View
MapReduce >> mail # user >> hadoop web UI security


+
Visioner Sadak 2013-09-11, 07:46
+
Visioner Sadak 2013-09-11, 10:08
Copy link to this message
-
Re: hadoop web UI security
What you're seeing is the right behavior for the auth type "simple".
It just expects a username, and doesn't do anything other than that -
i.e. there's no passwords/etc. or a user list to cross-reference to.

For securing properly, you'd either need to use kerberos, or develop
your own HTTP auth filter that allows only certain usernames or
expects a password string too/do some other auth mechanism/etc.

On Wed, Sep 11, 2013 at 1:16 PM, Visioner Sadak
<[EMAIL PROTECTED]> wrote:
> Hello friends i m using the below configuration to hide hadoop web UI  the
> problem is that when i access
>
> http://192.34.8.8:50070/    it  works properly and blocks access but when i
> use
>
>
> http://192.34.8.8:50070/dfshealth.jsp?user.name=blahblahh(any
> username)...... it failes and allows access even if i set my signature
> username as hadoopuser
>
> its allowing  access for any  username
>
>
> <property>
> <name>hadoop.http.filter.initializers</name>
>  <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
> </property>
>
> <property>
> <name>hadoop.http.authentication.type</name>
>  <value>simple</value>
> </property>
>
> <property>
>  <name>hadoop.http.authentication.token.validity</name>
>  <value>60</value>
> </property>
>
> <property>
> <name>hadoop.http.authentication.signature.secret.file</name>
> <value>/home/hadoop/hadoop-0.23.3/conf/security/username</value>
> </property>
>
> <property>
> <name>hadoop.http.authentication.cookie.domain</name>
> <value>
> </value>
> </property>
>
> <property>
> <name>hadoop.http.authentication.simple.anonymous.allowed</name>
> <value>false</value>
> </property>

--
Harsh J
+
Visioner Sadak 2013-09-11, 19:32
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB