If there is no Kerberos, then you have 2 options: No authentication (default) Two way SSL to authenticate the request from the plugin.
Note, if it is non-Kerberos environment, then authorization cannot be enforced, because users can impersonate anyone. Bosco From: Odon Copon <odonco...@gmail.com> Reply-To: <user@ranger.apache.org> Date: Friday, January 11, 2019 at 1:22 AM To: <user@ranger.apache.org> Subject: Re: Accessing Ranger Policy Manager API from HDFS plugin Mmm, but what if the system is not using Kerberos? On Fri, 11 Jan 2019, 04:21 Velmurugan Periasamy <vperias...@hortonworks.com wrote: Yes, that's what I referred to. From: Odon Copon <odonco...@gmail.com> Sent: Thursday, January 10, 2019 5:07 PM To: user@ranger.apache.org Subject: Re: Accessing Ranger Policy Manager API from HDFS plugin Are we talking about principal in Kerberos or any other principal I'm not understanding? On Thu, 10 Jan 2019 at 18:05, Odon Copon <odonco...@gmail.com> wrote: What do you mean by HDFS plugin uses service (Namenode) user's principal ? Could you provide an example? Thanks. On Thu, 10 Jan 2019 at 17:08, Velmurugan Periasamy <vperias...@hortonworks.com> wrote: HDFS plugin uses service (Namenode) user's principal. From: Odon Copon <odonco...@gmail.com> Sent: Thursday, January 10, 2019 8:59 AM To: user@ranger.apache.org Subject: Accessing Ranger Policy Manager API from HDFS plugin Hi, How does the Ranger HDFS plugin communicates with the Policy Manager API? Is it using a specific user/password combination? I know the User Sync has rangerusersync user and pass, and all that information is stored in rangerusersync.jceks, but what about the HDFS plugin or any other plugin? I'm having issues with that, my plugin once enabled doesn't get displayed in the UI and would like to check the credentials the plugin is using to use the API. For the User Sync - Policy Manager communication works fine. Thanks.
