question Can someone help me understand Knox impersonation in Support Questions https://community.cloudera.com/t5/Support-Questions/Can-someone-help-me-understand-Knox-impersonation/m-p/232628#M194466 <P>I have user as 'knox' on hadoop cluster (Kerberos enabled). I am running Demo LDAP for Knox authentication. </P><P>My proxy settings in core-site.xml:</P><P>hadoop.proxyuser.knox.groups = users</P><P>hadoop.proxyuser.knox.hosts = [myhadoopMasterNode_Hostname]</P><P>Now I am trying to run curl command using username 'guest' and pwd 'guest-password' from users.ldif file. </P><P>This is giving error: knox is not able to impersonate guest.</P><P>Then I changed this property: hadoop.proxyuser.knox.groups=*. I am able to run curl command successfully.</P><P>Please help me understand two things:</P><P>1) How this property(hadoop.proxyuser.knox.groups) setting is working&gt;</P><P>2) Can identity-assertion property in topology file can help resolving this same issue?</P> Wed, 25 Oct 2017 01:57:05 GMT nhgodwal 2017-10-25T01:57:05Z Can someone help me understand Knox impersonation https://community.cloudera.com/t5/Support-Questions/Can-someone-help-me-understand-Knox-impersonation/m-p/232628#M194466 <P>I have user as 'knox' on hadoop cluster (Kerberos enabled). I am running Demo LDAP for Knox authentication. </P><P>My proxy settings in core-site.xml:</P><P>hadoop.proxyuser.knox.groups = users</P><P>hadoop.proxyuser.knox.hosts = [myhadoopMasterNode_Hostname]</P><P>Now I am trying to run curl command using username 'guest' and pwd 'guest-password' from users.ldif file. </P><P>This is giving error: knox is not able to impersonate guest.</P><P>Then I changed this property: hadoop.proxyuser.knox.groups=*. I am able to run curl command successfully.</P><P>Please help me understand two things:</P><P>1) How this property(hadoop.proxyuser.knox.groups) setting is working&gt;</P><P>2) Can identity-assertion property in topology file can help resolving this same issue?</P> Wed, 25 Oct 2017 01:57:05 GMT https://community.cloudera.com/t5/Support-Questions/Can-someone-help-me-understand-Knox-impersonation/m-p/232628#M194466 nhgodwal 2017-10-25T01:57:05Z Re: Can someone help me understand Knox impersonation https://community.cloudera.com/t5/Support-Questions/Can-someone-help-me-understand-Knox-impersonation/m-p/232629#M194467 <P>This is because 'guest' user in the Demo Ldap does not belong to group "users". For this to work you should create a group "users" in the demo ldap (users.ldif) and add guest user to it. You could try to impersonate 'guest' to a user who belongs to 'users' group on the machine.</P> Thu, 26 Oct 2017 01:28:58 GMT https://community.cloudera.com/t5/Support-Questions/Can-someone-help-me-understand-Knox-impersonation/m-p/232629#M194467 smore 2017-10-26T01:28:58Z