Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

How to Set Up Knox Gateway for Unix Users?

Labels:
avatar
author-rank sparsh_singhal
Contributor

Created ‎05-30-2018 02:11 PM

We have start demo LDAP to access services using Knox gateway. But I want to access those services using my Unix/Posix users, which are already created.

2,762 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank WhiteHa author-rank
Expert Contributor

Created ‎05-31-2018 07:49 AM

@Sparsh Singhal You need to configure your Authentication Provider in Knox topology to use KnoxPamRealm class for setting up PAM Authentication. Follow the link here.

You can have a Ubuntu specific example of PAM configuration (/etc/pam.d/login) here. After successful configuration, you can use existing Unix users to authenticate via Knox.

View solution in original post

2,475 Views
7 REPLIES 7

avatar
author-rank falbani author-rank
Guru

Created ‎05-30-2018 02:40 PM

@Sparsh Singhal following link shows the supported authentication mechanisms and contains the links to the configuration steps:

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/authentication_provider...

HTH

*** If you found this answer addressed your question, please take a moment to login and click the "accept" link on the answer.

2,475 Views
0 Kudos

avatar
author-rank WhiteHa author-rank
Expert Contributor

Created ‎05-31-2018 07:49 AM

@Sparsh Singhal You need to configure your Authentication Provider in Knox topology to use KnoxPamRealm class for setting up PAM Authentication. Follow the link here.

You can have a Ubuntu specific example of PAM configuration (/etc/pam.d/login) here. After successful configuration, you can use existing Unix users to authenticate via Knox.

2,476 Views

avatar
author-rank sparsh_singhal
Contributor

Created ‎05-31-2018 12:10 PM

@Krishna Pandey Linux distro is Centos 7. I tried with PAM Authentication. I am getting HTTP 404 error.

2,475 Views
0 Kudos

avatar
author-rank WhiteHa author-rank
Expert Contributor

Created ‎05-31-2018 12:47 PM

Can you provide more information? Mask any sensitive info and provide 404 error details, it normally means topology is not deployed. Generally, HTTP 401 error you should get for authentication related issues.

2,475 Views
0 Kudos

avatar
author-rank sparsh_singhal
Contributor

Created ‎05-31-2018 01:07 PM

@Krishna Pandey

Yes, the permissions to the topology file were not correct. But now I'm getting this error

HTTP/1.1 401 Unauthorized
Date: Thu, 31 May 2018 13:07:02 GMT
Set-Cookie: rememberMe=deleteMe; Path=/gateway/pamtest; Max-Age=0; Expires=Wed, 30-May-2018 13:07:04 GMT
WWW-Authenticate: BASIC realm="application"
Content-Length: 0
Server: Jetty(9.2.15.v20160210)

The cluster is kerberized as well.

2,475 Views
0 Kudos

avatar
author-rank sparsh_singhal
Contributor

Created ‎05-31-2018 02:06 PM

@Krishna Pandey

Thanks. It worked. Need to give read permission on /etc/shadow to user Knox. Better if we create ACLs for it.

2,475 Views

avatar
author-rank WhiteHa author-rank
Expert Contributor

Created ‎05-31-2018 03:19 PM

Yes, that's required for PAM authentication to work. Happy to help.

2,475 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements