Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Authentication to Knox

Highlighted

Authentication to Knox

Explorer

Hi, I am writing a Java application that needs to access to HDP services through Knox. I want to have authentication at Knox to protect my cluster. I understand that I'll connect Knox to my LDAP server. How can my application will authenticate to Knox in order to access to HDP services ? can I avoid sending username/password when call Knox API ?

I am on HDP 2.5

5 REPLIES 5
Highlighted

Re: Authentication to Knox

Explorer

To be more accurate, when a user call a service through Knox, he provides user-name/password in the curl command.

Are these credentials sent unencrypted over the wire and hence can be spoofed ? if yes, does ssl provide a solution for this ?

How can a client authenticate to Knox without provide these information ? (tokens, or other solution)

I have been reading about SPENGO but I don't understand how all these protocols interact.

Highlighted

Re: Authentication to Knox

Rising Star

@Adel Ouazani Knox requires User to provide Username/Password for authentication. Knox can be configured to use Basic/LDAP/AD/Single Sign-On (SAML based Identity Provider e.g. Okta or default Form-based authentication provided with Knox). Knox uses HTTPS by default and out-of-the-box and hence credentials won't be sent unencrypted. After successful authentication, Knox uses it's own SPNEGO (Kerberos) keytab to authenticate with other hadoop services e.g. WebHDFS, Hive, Oozie, etc.

Highlighted

Re: Authentication to Knox

Explorer
I would like to know what the username / password is required
Highlighted

Re: Authentication to Knox

Rising Star

@xu yadong Depends on the configuration. For example, If you have integrated Knox to use Active Directory, use your AD credentials. If you are using Knox DemoLDAP, check users.ldif file.

Highlighted

Re: Authentication to Knox

New Contributor

@Krishna Pandey Suppose we want a specific node to be authenticated by Knox such that whenever a request comes from the node it is entertained without requiring username-password. How can it be done?

I have asked it here at https://community.hortonworks.com/questions/155452/how-can-we-authenticate-a-node-via-knox.html

Don't have an account?
Coming from Hortonworks? Activate your account here