Hi Prateek, In addition to what Larry said Please note the https: prefix in the URL. The username/password are going encrypted over SSL. I hope that minimizes your concern. Thanks Dilli
From: larry mccay <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Wednesday, May 27, 2015 4:30 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Cc: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: do not want to pass username-password in curl command Hi Prateek - This is a usecase that I a see as part of our ongoing work for SSO. We would have to fully articulate your usecase here though. Curl isn't generally the type of client that I would imagine using an APPKey with. What actually works well for curl are things like kerberos actually. Something where you login and curl takes care of the peer authentication for you. We do have an authentication provider or Hadoop Auth - which would buy you SPNEGO based authentication. There are issues with using it to access some services such as WebHDFS currently - these are situations where a browser redirect is used to go from a master like NameNode to a slave like DataNode. It may work for you for HBase through Stargate. The general use would be: * kinit to login as your user * issue curl commands like: curl -ik --negotiate -H "Accept: text/xml" -X GET 'https://192.168.44.11:8443/gateway/sandbox/hbase' If this is something that would meet your needs then we would be interested in your experiences testing it out. If you don't have a secure cluster and kerberos then it won't likely be something that you want to add just for curl access through Knox. I have plans in the back of my mind for acquiring a token and storing it in a permissions protected file and accessing it from curl to populate an HTTP Header for similar types of usecases. This would still require you to provide your username and password to Knox in order to get the token up front though. So, again, we would be interested in more details of your usecase and would certainly welcome any help in meeting your requirements as well! thanks, --larry On Wed, May 27, 2015 at 7:05 PM, prateek arora <[email protected]<mailto:[email protected]>> wrote: Hi I am using below command to access hadoop service. curl -ik -u guest:guest-password -H "Accept: text/xml" -X GET 'https://192.168.44.11:8443/gateway/sandbox/hbase' i do not want to pass username and password over the network. so is there any mechanism so i can pass some tokens or api-key so i can hide user-name and password . Regards Prateek
