[
https://issues.apache.org/jira/browse/KNOX-27?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dilli Arumugam updated KNOX-27:
-------------------------------
Attachment: knox-with-secure-cluster.patch
Patch to make knox work with secure cluster.
The patch code has been verified with secure hdfs and secure oozie. We could
not verify the patch code with Templeton due to a known Hive Jira HIVE-4601.
After applying the patch, Knox would work fine with insecure hadoop cluster as
usual. You do not have to make any config changes.
To work with secure cluster, you would have to set the value of
gateway.hadoop.kerberos.secured to true in gateway-site.xml and set up
approriate krb5.conf, knox key tab file and krb5JaasLogin.conf.
Would like to commit the code so that we do not lose it.
It would also be easy to review with phased commits.
The risk is low for any existing functionality.
> Access Kerberos secured Hadoop cluster via gateway using basic auth
> credentials
> -------------------------------------------------------------------------------
>
> Key: KNOX-27
> URL: https://issues.apache.org/jira/browse/KNOX-27
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Reporter: Kevin Minder
> Assignee: Dilli Arumugam
> Attachments: knox-with-secure-cluster.patch
>
>
> From BUG-4306
> The basic interactions flow might look like this.
> 1. Client requests HDFS resource via gateway
> 2. Gateway challenges with basic auth
> 3. Gateway authenticates with KDC and receives token
> 4. Gateway forwards original request to service
> 5. Service challenges with SPNEGO
> 6. Gateway provides token received from KDC
> 7. Service provides response including hadoop.auth cookie. This prevents
> subsequent KDC and SPNEGO interactions.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
