From dillido...@apache.org
Subject git commit: KNOX-25: Knox should support authentication using SPNEGO from browser
Date Mon, 28 Jul 2014 06:04:35 GMT
Repository: knox
Updated Branches:
  refs/heads/master e59366faf -> fd623eb93


KNOX-25: Knox should support authentication using SPNEGO from browser


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/fd623eb9
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/fd623eb9
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/fd623eb9

Branch: refs/heads/master
Commit: fd623eb936ef96ad91a56f59ad013fb58e379841
Parents: e59366f
Author: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Authored: Sun Jul 27 22:58:56 2014 -0700
Committer: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Committed: Sun Jul 27 22:58:56 2014 -0700

----------------------------------------------------------------------
 gateway-release/home/templates/hadas.xml | 146 ++++++++++++++++++++++++++
 1 file changed, 146 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/fd623eb9/gateway-release/home/templates/hadas.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/hadas.xml b/gateway-release/home/templates/hadas.xml
new file mode 100755
index 0000000..1813b83
--- /dev/null
+++ b/gateway-release/home/templates/hadas.xml
@@ -0,0 +1,146 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<topology>
+
+    <gateway>
+
+        <provider>
+            <role>authentication</role>
+            <name>HadoopAuth</name>
+            <enabled>true</enabled>
+
+            <param>
+                <name>config.prefix</name>
+                <value>hadoop.auth.config</value>
+            </param>
+            <param>
+                <name>hadoop.auth.config.signature.secret</name>
+                <value>78hdkjaka</value>
+            </param>
+            <param>
+                <name>hadoop.auth.config.type</name>
+                <value>kerberos</value>
+            </param>
+            <param>
+                <name>hadoop.auth.config.simple.anonymous.allowed</name>
+                <value>false</value> <!-- default: false -->
+            </param>
+            <param>
+                <name>hadoop.auth.config.token.validity</name>
+                <value>1800</value>
+            </param>
+            <param>
+                <name>hadoop.auth.config.cookie.domain</name>
+                <value>hdp.example.com</value>
+            </param>
+            <param>
+                <name>hadoop.auth.config.cookie.path</name>
+                <value>gateway/hada</value>
+            </param>
+            <param>
+                <name>hadoop.auth.config.kerberos.principal</name>
+                <value>HTTP/hdp.example.com@EXAMPLE.COM</value>
+            </param>
+            <param>
+                <name>hadoop.auth.config.kerberos.keytab</name>
+                <value>/etc/knox/conf/knox.spnego.keytab</value>
+            </param>
+            <param>
+                <name>hadoop.auth.config.kerberos.name.rules</name>
+                <value>DEFAULT</value>
+            </param>
+
+        </provider>
+
+        <provider>
+            <role>identity-assertion</role>
+            <name>Pseudo</name>
+            <enabled>true</enabled>
+	 <!-- param>
+		<name>principal.mapping</name>
+		<value>sam=god;</value>
+	 </param -->
+
+        </provider>
+
+        <!--
+        Defines rules for mapping host names internal to a Hadoop cluster to externally accessible
host names.
+        For example, a hadoop service running in AWS may return a response that includes
URLs containing the
+        some AWS internal host name.  If the client needs to make a subsequent request to
the host identified
+        in those URLs they need to be mapped to external host names that the client Knox
can use to connect.
+
+        If the external hostname and internal host names are same turn of this provider by
setting the value of
+        enabled parameter as false.
+
+        The name parameter specifies the external host names in a comma separated list.
+        The value parameter specifies corresponding internal host names in a comma separated
list.
+
+        Note that when you are using Sandbox, the external hostname needs to be localhost,
as seen in out
+        of box sandbox.xml.  This is because Sandbox uses port mapping to allow clients to
connect to the
+        Hadoop services using localhost.  In real clusters, external host names would almost
never be localhost.
+        -->
+        <provider>
+            <role>hostmap</role>
+            <name>static</name>
+            <enabled>false</enabled>
+            <param><name>localhost</name><value>sandbox,sandbox.hortonworks.com</value></param>
+        </provider>
+
+    </gateway>
+
+    <service>
+        <role>NAMENODE</role>
+        <url>hdfs://hdp.example.com:8020</url>
+    </service>
+
+    <service>
+        <role>JOBTRACKER</role>
+        <url>rpc://hdp.example.com:8050</url>
+    </service>
+
+    <service>
+        <role>WEBHDFS</role>
+        <url>http://hdp.example.com:50070/webhdfs</url>
+    </service>
+
+    <service>
+        <role>WEBHCAT</role>
+        <url>http://hdp.example.com:50111/templeton</url>
+    </service>
+
+    <service>
+        <role>OOZIE</role>
+        <url>http://hdp.example.com:11000/oozie</url>
+    </service>
+
+    <service>
+        <role>WEBHBASE</role>
+        <url>http://hdp.example.com:60080</url>
+    </service>
+
+    <service>
+        <role>HIVE</role>
+        <url>http://hdp.example.com:10001/cliservice</url>
+    </service>
+
+    <service>
+        <role>RESOURCEMANAGER</role>
+        <url>http://localhost:8088/ws</url>
+    </service>
+
+</topology>
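Review bot: The `hadoop.auth.config.signature.secret` param ships a fixed literal (`78hdkjaka`) in a template that is meant to be copied into deployments. That value is the secret hadoop-auth uses to sign its authentication cookie, so any gateway left on the template value signs cookies with a secret that is public in the repository. I would replace it with an obvious placeholder such as `<value>REPLACE_WITH_RANDOM_SECRET</value>` and add a comment above the param saying it must be generated per deployment and kept out of version control. Separately, `hadoop.auth.config.cookie.path` is `gateway/hada`, which has no leading slash and does not match the file name `hadas`; if the topology is served under `/gateway/hadas`, this presumably should be `<value>/gateway/hadas</value>` — please confirm.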

