Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

How to disable SPNEGO login on HDF (Ambari) NiFi and NiFi-Registry

avatar
author-rank DigitalPlumber author-rank
Expert Contributor

Created on ‎07-15-2020 12:18 PM - edited on ‎07-17-2020 03:06 AM by Community Manager Community Manager

When NiFi is secured for TLS server authentication, at UI login time first it tries to use TLS certificates if loaded on the browser and then, it tries to use SPNEGO authentication, and finally, it falls back to your configured login provider.

If you KERBERISE the cluster via AMBARI and want to use login-providers like LDAP or KERBEROS, it automatically sets the following properties which enable SPNEGO authentication.

nifi.kerberos.spnego.keytab.location 
nifi.kerberos.spnego.principal

 

 Furthermore, SPNEGO properties through AMBARI are greyed out for:

Screen Shot 2020-07-15 at 2.39.53 PM.png

COMMAND:

  1. From your Amabari manager host, change the setting for NiFi, where the text in red is tailored to your unique environment:
  • nifi.kerberos.spnego.keytab.location to be blank:
  1. ./configs.py -a set -s http -l c2288-node1.squadron.support.hortonworks.com -t 8080 -n c2288  -u admin -p AdminPassword -c nifi-properties -k 'nifi.kerberos.spnego.keytab.location' -v ''
  • nifi.kerberos.spnego.principal to be blank
  1. ./configs.py -a set -s http -l c2288-node1.squadron.support.hortonworks.com -t 8080 -n c2288 -u admin -p AdminPassword -c nifi-properties -k 'nifi.kerberos.spnego.principal' -v ''
    -a set
-s http or https
-l fqdn of ambari host
-t port number ambari is listening on
-n ambari cluster name ( you can get that from top right UI )
-u user that has edit privileges on ambari
-p the password for that user
-c the config type in this case nifi.properties
-k the key to change
-v the value to change
  2. You can also do this for NiFi Registry with the following sample commands: 
    ./configs.py -a set -s http -l c2288-node1.squadron.support.hortonworks.com -t 8080 -n c2288 -u admin -p AdminPassword -c nifi-registry-properties -k 'nifi.registry.kerberos.spnego.principal' -v ''
    ./configs.py -a set -s http -l c2288-node1.squadron.support.hortonworks.com -t 8080 -n c2288 -u admin -p AdminPassword -c nifi-registry-properties -k 'nifi.registry.kerberos.spnego.principal' -v ''
  3. Restart NiFi and/or NiFi Registry and ensure that you clear your browser cache.
  4. You should see the following on Ambari config sections of NiFi and/or NiFi registry:Screen Shot 2020-07-15 at 3.15.29 PM.png

 

799 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements
Version history
Last update:
‎07-17-2020 03:06 AM
Updated by:
Community Manager Community Manager