Hadoop >> mail # general >> HTTP transport?


Re: HTTP transport?
Kan Zhang wrote:
> Thanks for pointing this out. I did a little testing on it. It seems that
> when you use Kerberos cipher suites with SSL, the Kerberos service name for
> a TLS server has to be literally "host." For example, a TLS server running
> on the machine mach1.imc.org in the Kerberos realm IMC.ORG must use
> host/[EMAIL PROTECTED] as its Kerberos principal name. I couldn't find a
> way to specify a different service name. Can someone confirm this? This can
> be a limitation since we typically run DN and TT on the same set of nodes.

This is unfortunate.  It looks to be part of the specification.

BTW, I found an approach to Kerberos over HTTP bypassing SPNEGO:

http://beamdocs.fnal.gov/DocDB/0019/001987/001/KMJ3_1-guide.pdf

Starting on page 13, he suggests having an applet that the browser loads
to create a ticket.  The ticket is created by the user's browser talking
directly to Kerberos.  Then the ticket can be used in subsequent
requests to identify the user.  An application using HTTP could
similarly contact Kerberos directly to create tickets that are sent with
requests.  No multi-step HTTP handshake is thus required.

Doug