How to Set Up Knox Gateway for Unix Users?

Contributor

We have started the demo LDAP to access services using the Knox gateway. But I want to access those services using my Unix/POSIX users, which are already created.

Accepted Solutions

Re: How to Set Up Knox Gateway for Unix Users?

Rising Star

@Sparsh Singhal You need to configure your Authentication Provider in the Knox topology to use the KnoxPamRealm class for setting up PAM authentication. Follow the link here.

You can have an Ubuntu-specific example of PAM configuration (/etc/pam.d/login) here. After successful configuration, you can use existing Unix users to authenticate via Knox.

Re: How to Set Up Knox Gateway for Unix Users?

@Sparsh Singhal The following link shows the supported authentication mechanisms and contains the links to the configuration steps:

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/authentication_provider...

HTH

Re: How to Set Up Knox Gateway for Unix Users?

Contributor

@Krishna Pandey The Linux distro is CentOS 7. I tried with PAM authentication. I am getting an HTTP 404 error.

Re: How to Set Up Knox Gateway for Unix Users?

Rising Star

Can you provide more information? Mask any sensitive info and provide the 404 error details; it normally means the topology is not deployed. Generally, you should get an HTTP 401 error for authentication-related issues.

Re: How to Set Up Knox Gateway for Unix Users?

Contributor

@Krishna Pandey

Yes, the permissions on the topology file were not correct. But now I'm getting this error:

HTTP/1.1 401 Unauthorized
Date: Thu, 31 May 2018 13:07:02 GMT
Set-Cookie: rememberMe=deleteMe; Path=/gateway/pamtest; Max-Age=0; Expires=Wed, 30-May-2018 13:07:04 GMT
WWW-Authenticate: BASIC realm="application"
Content-Length: 0
Server: Jetty(9.2.15.v20160210)

The cluster is kerberized as well.

Re: How to Set Up Knox Gateway for Unix Users?

Contributor

@Krishna Pandey

Thanks. It worked. Need to give read permission on /etc/shadow to user Knox. Better if we create ACLs for it.

Re: How to Set Up Knox Gateway for Unix Users?

Rising Star

Yes, that's required for PAM authentication to work. Happy to help.
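
The fix the thread arrives at, read access to /etc/shadow for the Knox account through an ACL, can be checked after the fact so the grant stays as narrow as intended. The script below is an added example, not code from any poster or from Knox; it assumes the service account is named `knox`, parses `getfacl` output, and uses ACL listings constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes the Knox service account is
# named "knox" and the grant was: setfacl -m u:knox:r /etc/shadow
# Real use (as root): getfacl /etc/shadow | audit_shadow_acl knox

# Reads getfacl output on stdin, prints one finding per line, and returns 0
# only when ACCOUNT ($1) can read the file and nobody else gained access.
audit_shadow_acl() {
    awk -v acct="$1" '
        function bad(msg) { print "FINDING: " msg; findings++ }
        /^#/ { next }                      # "# file:" / "# owner:" header
        { sub(/[ \t]+#.*$/, "")            # drop "#effective:r--" notes
          n = split($0, f, ":") }
        n < 3 { next }                     # blank or malformed line
        f[1] == "mask"  { mask = f[3]; next }
        f[1] == "other" { if (f[3] != "---") bad("other has " f[3]); next }
        f[1] == "user" && f[2] == acct { perms = f[3]; next }
        f[2] != "" { bad("extra " f[1] " entry: " f[2] " (" f[3] ")") }
        END {
            if (perms == "")
                bad("no ACL entry for " acct)
            else if (perms !~ /^r/ || (mask != "" && mask !~ /^r/))
                bad(acct " cannot read the file")
            else if (perms != "r--")
                bad(acct " has " perms ", only r-- is needed")
            exit (findings > 0)
        }
    '
}

# Constructed sample: CentOS 7 /etc/shadow after the narrow grant.
SAMPLE_OK='# file: etc/shadow
user::---
user:knox:r--
group::---
mask::r--
other::---'

# Constructed sample: over-broad fix (world-readable, extra account, rw).
SAMPLE_WIDE='# file: etc/shadow
user::---
user:knox:rw-   #effective:r--
user:appuser:r--
group::---
mask::r--
other::r--'

printf '%s\n' "$SAMPLE_OK"   | audit_shadow_acl knox && echo "OK: minimal ACL"
printf '%s\n' "$SAMPLE_WIDE" | audit_shadow_acl knox || echo "ACL needs tightening"
```

A non-zero return with a "cannot read" finding corresponds to the state in which the thread saw HTTP 401 from the gateway; the other findings mean the file is readable by more than the Knox account.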