28787
DISCUSSIONS
102103
MEMBERS
3161
ARTICLES
Created on 05-10-2016 04:04 AM - edited 05-10-2016 04:09 AM
Hey,
I have configured kerberos auth (with database in LDAP) in CDH 5.7 and LDAP authentication in Hue 3.9 (to have users combined in groups) - all is working ok.
But I must support 2 accounts one for kerberos (CDH) and one for LDAP (for Hue). So I've reconfigured Hue to use desktop.auth.backend.SpnegoDjangoBackend according to manuals:
http://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_web_auth.html
https://goo.gl/Oo6uyH (network.negotiate-auth.trusted-uris parameter for FF)
Unfortunetely after last restart I Hue do not let me in, saing my creds are invalid.
In Hue logs I have:
[10/May/2016 12:31:06 +0200] decorators INFO AXES: Calling decorated function: dt_login [10/May/2016 12:31:06 +0200] access WARNING 192.168.1.1 -anon- - "POST /accounts/login/ HTTP/1.1" -- Failed login for user: isegrim [10/May/2016 12:31:06 +0200] decorators INFO AXES: Repeated login failure by 192.168.1.1. Updating access record. Count = 1 [10/May/2016 12:31:06 +0200] middleware ERROR Unexpected error when authenticating against KDC Traceback (most recent call last): File "/opt/cloudera/parcels/CDH-5.7.0-1.cdh5.7.0.p0.45/lib/hue/desktop/core/src/desktop/middleware.py", line 587, in process_request result, context = kerberos.authGSSServerInit('HTTP') GSSError: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('', 100004))
When I enabled 2 backends using Hue 3.9 multibackend authorization feture according to this:
http://gethue.com/configuring-hue-multiple-authentication-backends-and-ldap/
[[auth]] backend=desktop.auth.backend.SpnegoDjangoBackend,desktop.auth.backend.LdapBackend
I am able to login via LDAP account.
My Kerberos install is ok, because I can even kinit as Hue or my user from shell, and beeline and hdfs cli commands are working good with kinit.
Did any one had that problem:
('Unspecified GSS failure. Minor code may provide more information', 851968), ('', 100004)
or knows how to resolve it to be able to use Spnego backend for Hue to authenticate users against Kerberos passwords?