Hello! I am unable to get Apache Knox to authenticate to Apache Ranger to download its policies. I am using Apache Knox 1.4.0, Apache Ranger 2.1.0, and the Ranger 2.1.0 Knox Plugin.
Knox error logs are showing: WARN client.RangerAdminJersey2RESTClient: Unexpected: Received status[400] with body [Unauthenticated access not allowed] form url [/service/plugins/policies/download/knox] Ranger error logs are showing: INFO org.apache.ranger.common.RESTErrorUtil - Request failed. loginId=null, logMessage=Unauthenticated access not allowed javax.ws.rs.WebApplicationException Both sides are using trusted SSL certificates (not self-signed) and there's no issues with SSL trust between the two. Knox is set up to use a JAAS file with the principal name knox.svc/<server FQDN>@<DOMAIN FQDN>. I created a user in Ranger matching the Knox service's principal name. I'm not finding a way to specify what credentials to use when the plugin on Knox tries to download policies from Ranger. For all of my other services, the associated plugin for the service just uses the service's configured Kerberos principal and connects without issue. What can I do to fix this?
