After installing Atlas 0.7.0 on Ambari 2.4.2 with HDP 2.5.3 and successfully kerberizing the cluster, no kerberos principal is able to login to the Atlas Dashboard. Ranger is installed and the Atlas Plugin is enabled.
While searching through the community sites, i found that there is a default user: admin:admin, which is working.
Kerberos is enabled as authentication in atlas but the application.log just says: UNKNOWN.
How can i setup Atlas to allow existing ambari/kerberos user to login to atlas dashboard?
If I have understood your question correctly, you need something like single sign-on feature which allows you to login once and access all applications.
In this case, you want something like - once you login to ambari UI, atlas dashboard should also be accessible without login prompt.
This is provided by KnoxSSO, which available in atlas-0.8 release.
Nooo...but close. Currently i can only login to the Atlas Dashboard with the default user: admin:admin.
This is quite lame and not to mention insecure. I want to use my already existing ambari (kerberos) users to login to the Atlas Dashboard.
Kerberos authentication is already enabled:
atlas.authentication.keytab=/etc/security/keytabs/ atlas.service.keytabatlas.authentication.method.file=true atlas.authentication.method.file.filename=/etc/atlas/conf/users-credentials.properties atlas.authentication.method.kerberos=true atlas.authentication.method.kerberos.keytab=/etc/security/keytabs/spnego.service.keytab atlas.authentication.method.kerberos.principal=HTTP/_HOST@my.net
Now i want to use these Users to login to the Atlas Dashboad.
Yes, the rule i present. Nevertheless im not able to login with my Kerberos Users. I got the error message:
Invalid User credentials. Please try again.
And none of my users are shown up in the application.log or the audit.log or in the .out log files.
Any clue on this? I mean let me ask you, how do YOU setup your login methods? Do you even use Kerberos?
I think the only autntication methods you can use are
None that equates to admin/admin AD-- Active Directory authentication LDAP---Any LDAP compliant authenitcation
Kerberos is used internally by the hadoop component to authenticate but you will need AD or LDAP to accomplish your security task.(see attached)