Is there a way to position a server behind the Knox perimeter such that authentication via Knox is not required for requests to YARN, Name Node and HDFS from that server?
@Ben Weiss Is your intention to expose those services and/or UIs (RM, NN, WebHDFS) outside the cluster without requiring authentication? But you still want Knox to require authentication for other REST interfaces (WebHCat, WebHBase, etc)?
@Alex Miller - Intent is to keep all those services behind Knox so that they require authentication for anyone requesting. Except for one application on the server that would bypass Knox. People using this application would authenticate via that application using LDAP/secure impersonation, and maintain Hadoop cluster security integrity. Maybe a better way to phrase what I am asking is "Can one configure Knox to allow a particular server to bypass Knox authentication?" This server would be doing its own authentication equivalent to that of Knox.
Depending on the special-case application, using the Knox federation provider might be an option. You could use two (or more) Knox topologies: one for LDAP authentication; another for federation.
If the special-case application doesn't need to go through Knox, then you could run it in parallel on the gateway node (or an edge node) and allow it direct access to the cluster.