Cloudera Community

Welcome to the Cloudera Community

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Who agreed with this topic

Hue don't authenticate against kerberos

avatar
author-rank Isegrim
Rising Star

Created on ‎05-10-2016 04:04 AM - edited ‎05-10-2016 04:09 AM

Hey,

 

I have configured kerberos auth (with database in LDAP) in CDH 5.7 and LDAP authentication in Hue 3.9 (to have users combined in groups) - all is working ok.

 

But I must support 2 accounts one for kerberos (CDH) and one for LDAP (for Hue). So I've reconfigured Hue to use desktop.auth.backend.SpnegoDjangoBackend according to manuals:

http://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_web_auth.html

https://goo.gl/Oo6uyH (network.negotiate-auth.trusted-uris parameter for FF)

 

Unfortunetely after last restart I Hue do not let me in, saing my creds are invalid.
In Hue logs I have:

 

[10/May/2016 12:31:06 +0200] decorators   INFO     AXES: Calling decorated function: dt_login
[10/May/2016 12:31:06 +0200] access       WARNING  192.168.1.1 -anon- - "POST /accounts/login/ HTTP/1.1" -- Failed login for user: isegrim
[10/May/2016 12:31:06 +0200] decorators   INFO     AXES: Repeated login failure by 192.168.1.1. Updating access record. Count = 1
[10/May/2016 12:31:06 +0200] middleware   ERROR    Unexpected error when authenticating against KDC
Traceback (most recent call last):
  File "/opt/cloudera/parcels/CDH-5.7.0-1.cdh5.7.0.p0.45/lib/hue/desktop/core/src/desktop/middleware.py", line 587, in process_request
    result, context = kerberos.authGSSServerInit('HTTP')
GSSError: (('Unspecified GSS failure.  Minor code may provide more information', 851968), ('', 100004))

 

When I enabled 2 backends using Hue 3.9 multibackend authorization feture according to this:

http://gethue.com/configuring-hue-multiple-authentication-backends-and-ldap/

 

 

[[auth]]
backend=desktop.auth.backend.SpnegoDjangoBackend,desktop.auth.backend.LdapBackend

 

I am able to login via LDAP account.

 

My Kerberos install is ok, because I can even kinit as Hue or my user from shell, and beeline and hdfs cli commands are working good with kinit.

 

Did any one had that problem:

('Unspecified GSS failure.  Minor code may provide more information', 851968), ('', 100004)

or knows how to resolve it to be able to use Spnego backend for Hue to authenticate users against Kerberos passwords?

 

 

 

2,316
0 Kudos
1
Tags (1)
Who agreed with this topic