Hi all
I noticed Knox has Shiro provider to authenticate requests against LDAP.
Does it support kerberos authentication?
We have an application deployed/managed as Hadoop service by Ambari.We
implemented the Kerberos SSO in our app(Hadoop service), howerver, our
kerberos SSO on longer work after proxied by Knox0.7.
Our kerberos SSO procedure is like below(Our Hadoop cluster has been
secured by kerberos):
1.User kinit a kerberos principal in a Hadoop node machine[This can be done
by kinit command in Linux shell].
2.User config the network.negotiate-auth.trusted-uris and
network.negotiate.auth.delegation-uris in web browser.
3.Then user can directly login to our application in UI without being
challenged for kerberos principal/credential[Actually the kerberos token
and principal are propagated to our application's login module.]
Can anyone suggest to resolve the issue?
My thought is it is feasible to make our Kerberos SSO work if knox can
authenticate against kerberos and pass the token/username to our app.
Is this ok?
Thanks
_________________________________________________________________________________________________
Tony Huang
software engineer
IBM Big Data & Analytics|Analytic Server
Phone: 68030373
E-mail: [email protected]
