https://community.cloudera.com/t5/Support-Questions/KNOX-Kerberos-webHDFS-HA/m-p/214765#M176677 <P><A rel="user" href="https://community.cloudera.com/users/1637/muditcse.html" nodeid="1637">@Mudit Kumar</A></P><P>Your configuration looks good however the Curl command seems incorrect.</P><P><STRONG>Your command </STRONG>as following:</P><PRE># curl -k -i -vvvv --negotiate -u : "http://&lt;knox1&gt;:50070/gateway/&lt;cluster_name&gt;/webhdfs/v1/user?=op=LISTSTATUS"</PRE><P>.</P><P>In the above command we see that you are using "http://&lt;knox1&gt;:<STRONG>50070</STRONG>". (which is a direct port 50070 for HDFS namenode) ideally you should be hitting the Knox port. Also as knox is a trusted proxy hence you do not need to use "--negotiate" in the curl command (as long as you have not configured knox for SPNEGO authentication)</P><P>Hence you should try with the following kind of commands:</P><P><STRONG>As knox by default runs on "https" (instead of "http" and it';s default port is 8443 (instead of 50070) hence polease try this. Also please pass knox LDAP credentials.<BR /></STRONG></P><PRE># curl -k -i -vvvv -u guest:guest-password "https://&lt;knox1&gt;:8443/gateway/&lt;topology_name&gt;/webhdfs/v1/user?=op=LISTSTATUS" Example: ----------- # curl -k -i -vvvv -u guest:guest-password "https://&lt;knox1&gt;:8443/gateway/defaqult/webhdfs/v1/user?=op=LISTSTATUS"</PRE><P>.</P><P>Here the &lt;topolofy_name&gt; should be your knox topology name like "default" </P> Wed, 24 Oct 2018 10:00:21 GMT jsensharma 2018-10-24T10:00:21Z