Accessing the Storm UI Active Directory Trust Configuration
How to access the Storm UI AD trust configuration.
If your cluster is configured with Active Directory Trust, use the Active Directory ticket to communicate with MIT KDC for secure negotiation. Here are the additional configuration steps:
To troubleshoot configuration issues, try accessing the Storm UI within the cluster
using the curl
command.
For example:
curl -i --negotiate -u:anyUser -b ~/cookiejar.txt -c ~/cookiejar.txt
http://storm-ui-hostname:8080/api/v1/cluster/summary
This will help you determine whether the Kerberos UI configuration is working.
To isolate the issue, use Storm service keytabs and user principals.
Two other important things to check are:
- Make sure that the trust is working properly.
- Make sure that the encryption types match on both KDCs.