Support Questions
Find answers, ask questions, and share your expertise

Ranger KMS Rest API commands not working in kerberized cluster

Solved Go to solution

Ranger KMS Rest API commands not working in kerberized cluster

Contributor

Hi,

While executing the following Ranger KMS rest API command, we have encountered the exception:

command: curl -u admin:admin -X GET http://<ranger-KMS-server>:9292/kms/v1/keys/names

Exception: Authentication required-This request requires HTTP authentication.

We have created the keyadmin principal with the password keyadmin1 as configured in kms-properties. We can create keys and list keys via Ranger KMS UI. Please advice a solution ASAP.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Ranger KMS Rest API commands not working in kerberized cluster

@Vandana K R you need to use curl's negotiate option to authenticate via SPNEGO:

kinit -kt /etc/security/keytabs/rangerkms.service.keytab rangerkms/HOST@DOMAIN
curl --negotiate -u : -H 'Content-Type: application/json' http://HOST:9292/kms/v1/key/mykey/_metadata

View solution in original post

6 REPLIES 6
Highlighted

Re: Ranger KMS Rest API commands not working in kerberized cluster

Have you tried kinit'ing with the keyadmin principal and then trying the curl call with kerberos auth?

Highlighted

Re: Ranger KMS Rest API commands not working in kerberized cluster

Contributor

@vperiasamy I tried kiniting the keyadmin principal. But still facing the same authentication error.

Highlighted

Re: Ranger KMS Rest API commands not working in kerberized cluster

@Vandana K R you need to use curl's negotiate option to authenticate via SPNEGO:

kinit -kt /etc/security/keytabs/rangerkms.service.keytab rangerkms/HOST@DOMAIN
curl --negotiate -u : -H 'Content-Type: application/json' http://HOST:9292/kms/v1/key/mykey/_metadata

View solution in original post

Highlighted

Re: Ranger KMS Rest API commands not working in kerberized cluster

Contributor

@slachterman thank you it worked with negotiate.

Now when I disabled the kerberos and tried the same rest api command , same exception recreated.

command: curl -u keyadmin:keyadmin1 -X GET http://<ranger-KMS-server>:9292/kms/v1/keys/names

Exception: Authentication required-This request requires HTTP authentication.

Please advice

Highlighted

Re: Ranger KMS Rest API commands not working in kerberized cluster

Hi @Vandana K R, that is really a separate question, would you mind accepting my answer if it resolved your issue and creating a separate post for this issue? That will make it easier for others to find this resolution in the future.

Highlighted

Re: Ranger KMS Rest API commands not working in kerberized cluster

Contributor

thank you,my issue has been resolved with negotiate option.