Support Questions
Find answers, ask questions, and share your expertise
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to configure apache knox for a IPA backed kerberos cluster to access the UI


How to configure apache knox for a IPA backed kerberos cluster to access the UI

New Contributor


I have recently setup a HDP3.1 cluster with kerberos enabled backed by IPA . After the Kerberorization , NameNodeUI , ResourceManagerUI, Spark2History ServerUI are no more accessible openly. They got protected by kerberors authentication mechanism and can be accessed by configuring spnego authentication in the browser. Unfortunately i cannot use spnego authentication model . As per my understanding there are 2 options for me .

Option 1 : Disable the security for the UI and keep them open which is not an option for me .

Option 2: Configure Knox for the perimeter security of the UI .

Based on my reading in Knox documentation and some threads in community connection , with knox we can

  • Configure the knox to integrate with IPA for authentication
  • can define providers that can impersonate the user and generates the necessary tokens for clearing kerberos authentication for the protected UI

I could able to achieve the 1st point where i could able to configure the knox authentication with the IPA but it was not clear to me how to achieve the 2nd step .

Any pointer on how to configure knox keeping the kerberos secured UI would be a great help.

Note: I am pretty new to the Hadoop cluster . Feel free to correct my understanding

Don't have an account?
Coming from Hortonworks? Activate your account here