Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How to Set Up Knox Gateway for Unix Users?

Labels:
avatar
author-rank sparsh_singhal
Contributor

Created ‎05-30-2018 02:11 PM

We have start demo LDAP to access services using Knox gateway. But I want to access those services using my Unix/Posix users, which are already created.

3,575 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank WhiteHa author-rank
Expert Contributor

Created ‎05-31-2018 07:49 AM

@Sparsh Singhal You need to configure your Authentication Provider in Knox topology to use KnoxPamRealm class for setting up PAM Authentication. Follow the link here.

You can have a Ubuntu specific example of PAM configuration (/etc/pam.d/login) here. After successful configuration, you can use existing Unix users to authenticate via Knox.

View solution in original post

3,288 Views
7 REPLIES 7

avatar
author-rank falbani author-rank
Guru

Created ‎05-30-2018 02:40 PM

@Sparsh Singhal following link shows the supported authentication mechanisms and contains the links to the configuration steps:

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/authentication_provider...

HTH

*** If you found this answer addressed your question, please take a moment to login and click the "accept" link on the answer.

3,288 Views
0 Kudos

avatar
author-rank WhiteHa author-rank
Expert Contributor

Created ‎05-31-2018 07:49 AM

@Sparsh Singhal You need to configure your Authentication Provider in Knox topology to use KnoxPamRealm class for setting up PAM Authentication. Follow the link here.

You can have a Ubuntu specific example of PAM configuration (/etc/pam.d/login) here. After successful configuration, you can use existing Unix users to authenticate via Knox.

3,289 Views

avatar
author-rank sparsh_singhal
Contributor

Created ‎05-31-2018 12:10 PM

@Krishna Pandey Linux distro is Centos 7. I tried with PAM Authentication. I am getting HTTP 404 error.

3,288 Views
0 Kudos

avatar
author-rank WhiteHa author-rank
Expert Contributor

Created ‎05-31-2018 12:47 PM

Can you provide more information? Mask any sensitive info and provide 404 error details, it normally means topology is not deployed. Generally, HTTP 401 error you should get for authentication related issues.

3,288 Views
0 Kudos

avatar
author-rank sparsh_singhal
Contributor

Created ‎05-31-2018 01:07 PM

@Krishna Pandey

Yes, the permissions to the topology file were not correct. But now I'm getting this error

HTTP/1.1 401 Unauthorized
Date: Thu, 31 May 2018 13:07:02 GMT
Set-Cookie: rememberMe=deleteMe; Path=/gateway/pamtest; Max-Age=0; Expires=Wed, 30-May-2018 13:07:04 GMT
WWW-Authenticate: BASIC realm="application"
Content-Length: 0
Server: Jetty(9.2.15.v20160210)

The cluster is kerberized as well.

3,288 Views
0 Kudos

avatar
author-rank sparsh_singhal
Contributor

Created ‎05-31-2018 02:06 PM

@Krishna Pandey

Thanks. It worked. Need to give read permission on /etc/shadow to user Knox. Better if we create ACLs for it.

3,288 Views

avatar
author-rank WhiteHa author-rank
Expert Contributor

Created ‎05-31-2018 03:19 PM

Yes, that's required for PAM authentication to work. Happy to help.

3,288 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
View More Announcements