[
https://issues.apache.org/jira/browse/KNOX-2526?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17256027#comment-17256027
]
Larry McCay commented on KNOX-2526:
-----------------------------------
[~未知的证明] - this really should be discussed on the user@ email list rather than
as a JIRA.
This is obviously not a blocker bug of anything as Knox certainly works with
secure hadoop clusters.
Let's finish this up here but please bring such questions to the email lists in
the future.
Any valid service principal in the hadoop cluster should have a local account
created and potentially a home directory depending on what the user is expected
to do. Any authorization of the Knox user would likely require group lookup to
be done and would - depending on your configuration - require a local account.
> Knox can not access the Secure Hadoop
> -------------------------------------
>
> Key: KNOX-2526
> URL: https://issues.apache.org/jira/browse/KNOX-2526
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.5.0
> Reporter: 李远锋
> Priority: Blocker
> Fix For: 1.5.0
>
> Attachments: gateway-audit.log, gateway.err, gateway.log,
> gateway.out, image-2020-12-27-22-24-45-419.png,
> image-2020-12-29-11-35-16-339.png, knox-1.4.0.gz, knox.service.keytab
> &spnego.service.keytab.txt, krb5.conf, krb5JAASLogin.conf
>
>
> @[~smore] First of all, thank you for answering my question in jira last
> time, today I encountered a new problem, I hope you can help me, thank you a
> lot.
> I think this is not a bug, but my poor understanding of Knox's kerberos
> configuration. I have read the User Guide and Wiki on the official website
> several times, but I can't understand them well.I am confused about Kerberos
> configuration in the following two chapters and want to know the difference
> of two chapters:
> [Secure+Clusters|https://knox.apache.org/books/knox-1-4-0/user-guide.html#Secure+Clusters]
> [HadoopAuth+Authentication+Provider|https://knox.apache.org/books/knox-1-4-0/user-guide.html#HadoopAuth+Authentication+Provider]
>
> Although I followed these two configurations of the two chapters, I still
> encountered an error
> {code:java}
> // code placeholder
> curl -k -i --negotiate -u admin:admin-password
> https://localhost:8443/gateway/sandbox/webhdfs/v1/tmp?op=LISTSTATUS
> HTTP/1.1 401 Unauthorized
> Date: Sun, 27 Dec 2020 13:53:49 GMT
> WWW-Authenticate: BASIC realm="application"
> Content-Length: 0{code}
>
> I want to use a browser to access HadoopUI through Knox, but I also
> encountered a similar error。
> !image-2020-12-27-22-24-45-419.png!
> Finally, if Hadoop does not enable Kerberos, it is normal to access HadoopUI
> through Knox.
> Please help me,Thanks a lot.
>
>
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
