Can anyone answer this? :)
Thanks Tony From: Da Peng DP Huang/China/IBM To: [email protected] Date: 03/24/2016 12:53 Subject: Does knox0.7 support kerberos authentication in Shiro provider or SSO provider? Hi all I noticed Knox has Shiro provider to authenticate requests against LDAP. Does it support kerberos authentication? We have an application deployed/managed as Hadoop service by Ambari.We implemented the Kerberos SSO in our app(Hadoop service), howerver, our kerberos SSO on longer work after proxied by Knox0.7. Our kerberos SSO procedure is like below(Our Hadoop cluster has been secured by kerberos): 1.User kinit a kerberos principal in a Hadoop node machine[This can be done by kinit command in Linux shell]. 2.User config the network.negotiate-auth.trusted-uris and network.negotiate.auth.delegation-uris in web browser. 3.Then user can directly login to our application in UI without being challenged for kerberos principal/credential[Actually the kerberos token and principal are propagated to our application's login module.] Can anyone suggest to resolve the issue? My thought is it is feasible to make our Kerberos SSO work if knox can authenticate against kerberos and pass the token/username to our app. Is this ok? Thanks _________________________________________________________________________________________________ Tony Huang software engineer IBM Big Data & Analytics|Analytic Server Phone: 68030373 E-mail: [email protected]
