
Can Knox connect to a database of users and passwords or does it require LDAP Authentication?



Reading through the documentation of Knox, it looks like there is support for LDAP Authentication out of the box. Is there the capability to connect Knox to any type of user/password store?


Re: Can Knox connect to a database of users and passwords or does it require LDAP Authentication?


For demo purposes, you can use the capability of Shiro to embed users directly within its configuration (in our case, the knox-topology file). This approach is largely taken to “shake out” the process of editing topology files for various purposes. At the same time, it minimizes external dependencies to help ensure a successful starting point.

Your knox-topology would look like this:

<topology>
  <gateway>
    <provider>
      <role>authentication</role>
      <name>ShiroProvider</name>
      <enabled>true</enabled>
      <param name="users.admin" value="admin-secret"/>
      <param name="urls./**" value="authcBasic"/>
    </provider>
  </gateway>
  <service>
    <role>KNOX</role>
  </service>
</topology>

Testing the topology through the KNOX API with the embedded admin user:

curl -u admin:admin-secret -ik 'https://localhost:8443/gateway/sample1/api/v1/version'

Obviously not a replacement for integrating with LDAP, but a good way to test and start manipulating your topology file.
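
A defender-side check for the point above, as an added example that is not part of the original reply: it scans a Knox topology for users embedded in an enabled ShiroProvider, so that demo credentials do not survive into a real deployment. The function names, the sample topology, and the handling of a nested `<name>`/`<value>` param form are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the answer's provider block, plus one user in the nested
# <name>/<value> param form (assumed here to be accepted by Knox as well).
SAMPLE_TOPOLOGY = """\
<topology>
  <gateway>
    <provider>
      <role>authentication</role>
      <name>ShiroProvider</name>
      <enabled>true</enabled>
      <param name="users.admin" value="admin-secret"/>
      <param name="urls./**" value="authcBasic"/>
      <param>
        <name>users.guest</name>
        <value>guest-password</value>
      </param>
    </provider>
  </gateway>
</topology>
"""


def _param_pair(param):
    """Return (name, value) for the attribute or the nested param form."""
    name = param.get("name") or param.findtext("name") or ""
    value = param.get("value") or param.findtext("value") or ""
    return name.strip(), value.strip()


def find_embedded_users(topology_xml):
    """List usernames embedded in an enabled ShiroProvider (values not returned)."""
    found = []
    for provider in ET.fromstring(topology_xml).iter("provider"):
        if (provider.findtext("name") or "").strip() != "ShiroProvider":
            continue
        if (provider.findtext("enabled") or "").strip().lower() != "true":
            continue
        for param in provider.findall("param"):
            name, value = _param_pair(param)
            if name.startswith("users.") and value:
                found.append(name[len("users."):])
    return found


if __name__ == "__main__":
    for user in find_embedded_users(SAMPLE_TOPOLOGY):
        print(f"embedded Shiro user in topology: {user}")
```

The check reports usernames only, so its output can go into a ticket or CI log without repeating the embedded passwords.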
