Description
The basic interactions flow might look like this.
1. Client authenticates with KDC
2. Client requests HDFS resource via gateway
3. Knox authenticates client via SPNEGO
4. Knox authentication Service via SPNEGO
5. Gateway dispatches request and tokens to service.
6. Service provides response including hadoop.auth cookie. This prevents subsequent KDC and SPNEGO interactions.
Attachments
Attachments
Issue Links
- blocks
-
KNOX-353 Support Hadoop java client WebHdfs URLs
- Closed
- is related to
-
KNOX-355 Support Knox authentication provider based on hadoop.security.authentication.server.AuthenticationHandler
- Closed
- relates to
-
KNOX-27 Access Kerberos secured Hadoop cluster via gateway using basic auth credentials
- Closed