Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 3.4.0
- Reviewed
Description
Thanks to HADOOP-16527, we can add a whitelist of endpoints to skip Kerberos authentication such as /isActive, /jmx, /prom.
However, I found that ResourceManager and Job History Server don't respect hadoop.http.authentication.kerberos.endpoint.whitelist.
To work around this issue for ResourceManager, set yarn.resourcemanager.webapp.delegation-token-auth-filter.enabled=true in yarn-site.xml.
However, there is no workaround for Job History Server.
This bug is caused by the HttpServer2#initSpnego call without the proper configurations, which start with "hadoop.http.authentication.".
I will make a PR soon.
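
An added example (not from the issue or the Hadoop code base): a small audit that reads Hadoop-style configuration XML and reports which of the two daemons named above would ignore the whitelist, assuming a release without the fix. The sample XML is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

WHITELIST_KEY = "hadoop.http.authentication.kerberos.endpoint.whitelist"
RM_WORKAROUND_KEY = "yarn.resourcemanager.webapp.delegation-token-auth-filter.enabled"

# Constructed sample files for illustration (not taken from the issue).
CORE_SITE = """<configuration>
  <property><name>hadoop.http.authentication.type</name><value>kerberos</value></property>
  <property><name>%s</name><value>/isActive, /jmx,/prom</value></property>
</configuration>""" % WHITELIST_KEY

YARN_SITE = """<configuration>
  <property><name>%s</name><value>false</value></property>
</configuration>""" % RM_WORKAROUND_KEY


def load_props(*xml_docs):
    """Merge <property> name/value pairs; later documents override earlier ones."""
    props = {}
    for doc in xml_docs:
        for prop in ET.fromstring(doc).iter("property"):
            name = (prop.findtext("name") or "").strip()
            if name:
                props[name] = (prop.findtext("value") or "").strip()
    return props


def audit(props):
    """Return (whitelisted endpoints, findings), assuming a release without the fix."""
    raw = props.get(WHITELIST_KEY, "")
    endpoints = [e.strip() for e in raw.split(",") if e.strip()]
    findings = []
    if not endpoints:
        return endpoints, findings  # nothing is whitelisted, so nothing to report
    rm = props.get(RM_WORKAROUND_KEY)
    if rm is None:
        findings.append("ResourceManager: %s not set in these files; confirm its effective value" % RM_WORKAROUND_KEY)
    elif rm.lower() != "true":
        findings.append("ResourceManager: whitelist ignored; set %s=true" % RM_WORKAROUND_KEY)
    findings.append("JobHistoryServer: whitelist ignored; no configuration workaround")
    return endpoints, findings


if __name__ == "__main__":
    eps, notes = audit(load_props(CORE_SITE, YARN_SITE))
    print("endpoints exempt from Kerberos auth:", eps)
    for note in notes:
        print("-", note)
```
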
Attachments
Issue Links
- is broken by
- HADOOP-16314 Make sure all end point URL is covered by the same AuthenticationFilter
- Resolved
- links to