Member since
05-23-2018
7
Posts
0
Kudos Received
0
Solutions
06-22-2018
07:02 AM
Hi @Felix Albani, The above issue is solved. Now we are facing strange thing, we have created a new user say snehal, created snehal@EXAMPLE.COM principal and snehal.keytab with this principal. And added "hadoop.proxyuser.snehal.groups=* , ,hadoop.proxyuser.snehal.hosts=* " properties in HDFS->config->custome-core site. same way added property for webhcat also. Now i am hitting > GET https://host:8443/gateway/default/webhdfs/v1/?op=GETHOMEDIRECTORY&user.name=snehal I am getting {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}}
Non activated Name node :https://host:8443/gateway/default, Error Message: 403#@_#{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}} Tried many ways like, adding the user snehal in supergroup, also did "kdestroy -> kinit with snehal keytab and principal" many times with different users also, Restarted ambari-server. But no luck. Thanks, Snehal
... View more
06-14-2018
12:38 PM
Thank you @Felix Albani for help. Sorry for delayed response. It saved my time and worked when I imported public certs of respective machines.
... View more
06-11-2018
01:24 PM
Hi, I have added Knox service to the cluster and enabled the ssl .Now I want to enable mutual auth. I have followed the steps from https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.4/bk_security/content/setting_up_2-way_ssl_authentication.html. Where I have created gateway.jks (using cd $gateway bin/knoxcli.cmd create-cert --hostname $gateway-hostname command) and given truststore file path of the same in gateway-site.xml. Now I want to know where to provide keystore file path for client side authentication when I put "gateway.client.auth.needed = true" in gateway-site.xml file.
... View more
Labels:
- Labels:
-
Apache Knox