Thanks i think https: prefix in the URL. sufficient for my use-case. On Wed, May 27, 2015 at 5:08 PM, Dilli Arumugam <[email protected]> wrote:
> Hi Prateek, > In addition to what Larry said > Please note the https: prefix in the URL. > The username/password are going encrypted over SSL. > I hope that minimizes your concern. > Thanks > Dilli > > From: larry mccay <[email protected]> > Reply-To: "[email protected]" <[email protected]> > Date: Wednesday, May 27, 2015 4:30 PM > To: "[email protected]" <[email protected]> > Cc: "[email protected]" <[email protected]> > Subject: Re: do not want to pass username-password in curl command > > Hi Prateek - > > This is a usecase that I a see as part of our ongoing work for SSO. > We would have to fully articulate your usecase here though. > Curl isn't generally the type of client that I would imagine using an > APPKey with. > > What actually works well for curl are things like kerberos actually. > Something where you login and curl takes care of the peer authentication > for you. > > We do have an authentication provider or Hadoop Auth - which would buy > you SPNEGO based authentication. > There are issues with using it to access some services such as WebHDFS > currently - these are situations where a browser redirect is used to go > from a master like NameNode to a slave like DataNode. > > It may work for you for HBase through Stargate. > > The general use would be: > > * kinit to login as your user > * issue curl commands like: > curl -ik --negotiate -H "Accept: text/xml" -X GET ' > https://192.168.44.11:8443/gateway/sandbox/hbase' > > If this is something that would meet your needs then we would be > interested in your experiences testing it out. > > If you don't have a secure cluster and kerberos then it won't likely be > something that you want to add just for curl access through Knox. > > I have plans in the back of my mind for acquiring a token and storing it > in a permissions protected file and accessing it from curl to populate an > HTTP Header for similar types of usecases. This would still require you to > provide your username and password to Knox in order to get the token up > front though. > > So, again, we would be interested in more details of your usecase and > would certainly welcome any help in meeting your requirements as well! > > thanks, > > --larry > > On Wed, May 27, 2015 at 7:05 PM, prateek arora <[email protected] > > wrote: > >> Hi >> >> I am using below command to access hadoop service. >> >> curl -ik -u guest:guest-password -H "Accept: text/xml" -X GET ' >> https://192.168.44.11:8443/gateway/sandbox/hbase' >> >> >> i do not want to pass username and password over the network. >> >> so is there any mechanism so i can pass some tokens or api-key so i >> can hide user-name and password . >> >> Regards >> Prateek >> > >
