Support Questions

antonyshajin · ‎06-30-2016

I have followed link to create alias to store password. First I used plain-text in the topology for password it was working.However when I replaced the password with alias, I am running into 401 error.

Am I missing anything?

attached my topology xml.

./knoxcli.sh create-alias ldcSystemPassword --cluster MyCluster --value Password@123

zblanco · ‎06-30-2016

I'm not sure if this will solve your problem, but let's take a look at the command here:

./knoxcli.sh create-alias ldcSystemPassword --cluster MyCluster --value Password@123

If we refer to the Knox User Guide (https://knox.apache.org/books/knox-0-9-0/user-guide.html#Special+note+on+parameter+main.ldapRealm.contextFactory.systemPassword) subsection on using ALIAS for the password you see the wording:

Assuming the plain text password is “hadoop”, and your topology file name is “hdp.xml”, you would use following command to create the right password alias in credential store.

./knoxcli.sh  create-alias ldcSystemPassword --cluster hdp --value hadoop

It looks as if you need to specifically name the cluster the same as the topology file name. It appears the file you've attached was 'default.xml' so instead you might want to try:

./knoxcli.sh create-alias ldcSystemPassword --cluster default --value Password@123

On the other hand you could also try renaming the file to "MyCluster" as well.

View solution in original post

zblanco · ‎06-30-2016

I'm not sure if this will solve your problem, but let's take a look at the command here:

./knoxcli.sh create-alias ldcSystemPassword --cluster MyCluster --value Password@123

If we refer to the Knox User Guide (https://knox.apache.org/books/knox-0-9-0/user-guide.html#Special+note+on+parameter+main.ldapRealm.contextFactory.systemPassword) subsection on using ALIAS for the password you see the wording:

Assuming the plain text password is “hadoop”, and your topology file name is “hdp.xml”, you would use following command to create the right password alias in credential store.

./knoxcli.sh  create-alias ldcSystemPassword --cluster hdp --value hadoop

It looks as if you need to specifically name the cluster the same as the topology file name. It appears the file you've attached was 'default.xml' so instead you might want to try:

./knoxcli.sh create-alias ldcSystemPassword --cluster default --value Password@123

On the other hand you could also try renaming the file to "MyCluster" as well.

antonyshajin · ‎07-01-2016

Thanks zblanco.

I executed ./knoxcli.sh create-alias ldcSystemPassword --cluster default--value Password@123

and restarted Knox. It is working

lmccay · ‎07-03-2016

Zac is correct. The topologies have always been considered to be cluster definitions thus the cluster name is the topology name. Unfortunately, this sometimes gets confused when folks are using Ambari where you name you cluster as well. They are different things.

Jon_Morisi · ‎03-09-2017

I've noticed the following

This works:

<param>
	<name>main.ldapRealm.contextFactory.systemPassword</name>
	<value>${ALIAS=ldcSystemPassword}</value>
</param>

This does not:

<param name="main.ldapRealm.contextFactory.systemPassword" value=${ALIAS=ldcSystemPassword}/>

Cloudera Community

Support Questions

Knox topology with alias for password not working