I have been referring below docs for knoxsso setup:
I have a two node Hadoop cluster setup. My Knox gateway is running at same host as my cluster's namenode is running. I am also running Demo LDAP for authenticating as Knox user.
Now I am trying to access webhdfs via gateway by sending HTTP requests using curl but every time I have to specify username and password with the request. I believe KnoxSSO can help in this case but I am not yet clear about how it works.
Also, I am following the above-mentioned links for the KnoxSSO setup and I am not very clear about configuration setting in user's guide link -> "Participating Application Configuration - Hadoop Configuration Example". Why would we need this?
Knox SSO providing WebSSO capabilities to the Hadoop cluster.
For now, HDP supports SSO for Ambari, Ranger, Atas. Means when you login into Ambari using Knox credentials, you can login into Ranger UI an Atlas UI without credentials on Web Console.
In Next major release we will be supporting All components for SSO, probably in HDP 3.0.
Please let me know if you require any more info on Knox SSO.
Thanks for answering!
So does your answer implies that I have to provide credentials every time I request access to webdhdfs using curl commands.
Can I have a kerberoes authentication setup with the demo ldap to bypass credentials with each request?
It's similar to session maintenance in web - post login, browser receives a cookie which it sends with every request so that it's authenticity session is maintained. So, with knox it should be possible same way (if you can manage to send cookie with each request post the first one). Kerberos is another authentication mechanism so don't think adding the 2 together will help nullify one of it.