You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by mo...@apache.org on 2017/11/06 21:12:29 UTC

svn commit: r1814442 - in /knox: site/books/knox-0-14-0/user-guide.html trunk/books/0.14.0/config_authz.md

Author: more
Date: Mon Nov  6 21:12:28 2017
New Revision: 1814442

URL: http://svn.apache.org/viewvc?rev=1814442&view=rev
Log:
KNOX-1087 - Doc - For Anonymous authentication Auth will not work

Modified:
    knox/site/books/knox-0-14-0/user-guide.html
    knox/trunk/books/0.14.0/config_authz.md

Modified: knox/site/books/knox-0-14-0/user-guide.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-14-0/user-guide.html?rev=1814442&r1=1814441&r2=1814442&view=diff
==============================================================================
--- knox/site/books/knox-0-14-0/user-guide.html (original)
+++ knox/site/books/knox-0-14-0/user-guide.html Mon Nov  6 21:12:28 2017
@@ -2646,7 +2646,23 @@ url -k --header "SM_USER: nobody@ca
 <pre><code>    curl -i -k -u sam:sam-password -X GET &#39;https://localhost:8443/gateway/sandbox/webhdfs/v1/?op=LISTSTATUS&#39; 
 </code></pre><p>The command should be executed successfully and you should see the groups &lsquo;scientist&rsquo; and &lsquo;analyst&rsquo; to which user &lsquo;sam&rsquo; belongs to in gateway-audit.log i.e.</p>
 <pre><code>    ||a99aa0ab-fc06-48f2-8df3-36e6fe37c230|audit|WEBHDFS|sam|||identity-mapping|principal|sam|success|Groups: [scientist, analyst]
-</code></pre><h3><a id="Authorization">Authorization</a> <a href="#Authorization"><img src="markbook-section-link.png"/></a></h3><h4><a id="Service+Level+Authorization">Service Level Authorization</a> <a href="#Service+Level+Authorization"><img src="markbook-section-link.png"/></a></h4><p>The Knox Gateway has an out-of-the-box authorization provider that allows administrators to restrict access to the individual services within a Hadoop cluster.</p><p>This provider utilizes a simple and familiar pattern of using ACLs to protect Hadoop resources by specifying users, groups and ip addresses that are permitted access.</p><h4><a id="Configuration">Configuration</a> <a href="#Configuration"><img src="markbook-section-link.png"/></a></h4><p>ACLs are bound to services within the topology descriptors by introducing the authorization provider with configuration like:</p>
+</code></pre>
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+--><h3><a id="Authorization">Authorization</a> <a href="#Authorization"><img src="markbook-section-link.png"/></a></h3><h4><a id="Service+Level+Authorization">Service Level Authorization</a> <a href="#Service+Level+Authorization"><img src="markbook-section-link.png"/></a></h4><p>The Knox Gateway has an out-of-the-box authorization provider that allows administrators to restrict access to the individual services within a Hadoop cluster.</p><p>This provider utilizes a simple and familiar pattern of using ACLs to protect Hadoop resources by specifying users, groups and ip addresses that are permitted access.</p><p>Note : This feature will not work as expected if &lsquo;anonymous&rsquo; authentication is used. </p><h4><a id="Configuration">Configuration</a> <a href="#Configuration"><img src="markbook-section-link.png"/></a></h4><p>ACLs are bound to services within the topology descriptors by introducing the authorization provider with configuration like:</p>
 <pre><code>&lt;provider&gt;
     &lt;role&gt;authorization&lt;/role&gt;
     &lt;name&gt;AclsAuthz&lt;/name&gt;

Modified: knox/trunk/books/0.14.0/config_authz.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.14.0/config_authz.md?rev=1814442&r1=1814441&r2=1814442&view=diff
==============================================================================
--- knox/trunk/books/0.14.0/config_authz.md (original)
+++ knox/trunk/books/0.14.0/config_authz.md Mon Nov  6 21:12:28 2017
@@ -1,4 +1,4 @@
-<!---
+<!--
    Licensed to the Apache Software Foundation (ASF) under one or more
    contributor license agreements.  See the NOTICE file distributed with
    this work for additional information regarding copyright ownership.
@@ -13,7 +13,7 @@
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
---->
+-->
 
 ### Authorization ###
 
@@ -23,6 +23,8 @@ The Knox Gateway has an out-of-the-box a
 
 This provider utilizes a simple and familiar pattern of using ACLs to protect Hadoop resources by specifying users, groups and ip addresses that are permitted access.
 
+Note : This feature will not work as expected if 'anonymous' authentication is used. 
+
 #### Configuration ####
 
 ACLs are bound to services within the topology descriptors by introducing the authorization provider with configuration like: