I have recently setup a HDP3.1 cluster with kerberos enabled backed by IPA . After the Kerberorization , NameNodeUI , ResourceManagerUI, Spark2History ServerUI are no more accessible openly. They got protected by kerberors authentication mechanism and can be accessed by configuring spnego authentication in the browser. Unfortunately i cannot use spnego authentication model . As per my understanding there are 2 options for me .
Option 1 : Disable the security for the UI and keep them open which is not an option for me .
Option 2: Configure Knox for the perimeter security of the UI .
Based on my reading in Knox documentation and some threads in community connection , with knox we can
Configure the knox to integrate with IPA for authentication
can define providers that can impersonate the user and generates the necessary tokens for clearing kerberos authentication for the protected UI
I could able to achieve the 1st point where i could able to configure the knox authentication with the IPA but it was not clear to me how to achieve the 2nd step .
Any pointer on how to configure knox keeping the kerberos secured UI would be a great help.
Note: I am pretty new to the Hadoop cluster . Feel free to correct my understanding