Greetings,
After spending several days attempting to get HBase working with Knox in a Kerberos secured environment, I discovered a crazy bug I want to share with you. I started with the default topology that included the ShiroProvider. I set the enabled value to false and added my HadoopAuth provider directly below it with enabled set to true. This was done so I could easily switch back to the original if required. When I finally thought to review the generated deployment artifacts, I discovered the gateway.xml file did not include any reference to the ShiroFilter or HadoopAuthFilter. As such my subsequent use of the identity assertion filter would fail with a missing Subject. So basically one can only have a single authentication provider listed in the topology. It does not use the first enabled provider. Next week, I will research and attempt to suggest some suitable changes or warnings. Thanks everyone for their assistance on this matter. Almost completed my HBase integration with Knox and Kerberos. Take care, Rick