OK, I guess I figured out the reason. I am using Ambari to manage my cluster, and I suppose:
1. Adding user (for the embedded LDAP server) action could be done by modifying /conf/users.ldif file 2. Also, I am using Ambari to manage my cluster, but Ambari does not start the embedded LDAP server (so I need to manually login to the node and type $KNOXFOLDER/bin/ldap.sh start in order to run the LDAP service to provide authentication). Is this correct? Xiaoyong From: Xiaoyong Zhu [mailto:[email protected]] Sent: Saturday, March 28, 2015 6:17 PM To: [email protected] Subject: RE: Knox for HTTP basic auth? I figured out the user name and password pair (guest:guest-password) but accessing the REST APIs from outside the cluster will not work. i.e. if I curl -i -k -u guest:guest-password https://<cluster<https://%3ccluster> address>:8443/gateway/default/templeton/v1/status then the sever returns "unauthorized" as the figure below. If I SSH in the cluster and type: curl -i -k -u guest:guest-password https://localhost:8443/gateway/default/templeton/v1/status then the the results is returned successfully. So I still have 2 questions: 1. How could I add one user in LDAP with customized username/password? 2. How could I do to enable accessing KNOX from outside of the cluster? Thanks! Xiaoyong From: Xiaoyong Zhu [mailto:[email protected]] Sent: Saturday, March 28, 2015 5:43 PM To: [email protected]<mailto:[email protected]> Subject: Knox for HTTP basic auth? Hi experts I have deployed Knox successfully to my cluster, and I want to enable the HTTP basic auth (i.e. username+password) to protect my REST APIs. As you can see in the attached figure, I am trying to reach the templeton/WebHCat endpoint via Knox. However, I don't know what's the default user name/password, and how could I configure them? [cid:[email protected]] I have read the Knox documentation and I guess I may need to configure LDAP directory to enable this, right? If so, how could I add an LDAP user in the embedded LDAP server? Thanks! Xiaoyong
