Posted to commits@knox.apache.org by mo...@apache.org on 2017/11/06 21:12:29 UTC
svn commit: r1814442 - in /knox: site/books/knox-0-14-0/user-guide.html
trunk/books/0.14.0/config_authz.md
Author: more
Date: Mon Nov 6 21:12:28 2017
New Revision: 1814442
URL: http://svn.apache.org/viewvc?rev=1814442&view=rev
Log:
KNOX-1087 - Doc - For Anonymous authentication Auth will not work
Modified:
knox/site/books/knox-0-14-0/user-guide.html
knox/trunk/books/0.14.0/config_authz.md
Modified: knox/site/books/knox-0-14-0/user-guide.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-14-0/user-guide.html?rev=1814442&r1=1814441&r2=1814442&view=diff
==============================================================================
--- knox/site/books/knox-0-14-0/user-guide.html (original)
+++ knox/site/books/knox-0-14-0/user-guide.html Mon Nov 6 21:12:28 2017
@@ -2646,7 +2646,23 @@ url -k --header "SM_USER: nobody@ca
<pre><code> curl -i -k -u sam:sam-password -X GET 'https://localhost:8443/gateway/sandbox/webhdfs/v1/?op=LISTSTATUS'
</code></pre><p>The command should be executed successfully and you should see the groups ‘scientist’ and ‘analyst’ to which user ‘sam’ belongs to in gateway-audit.log i.e.</p>
<pre><code> ||a99aa0ab-fc06-48f2-8df3-36e6fe37c230|audit|WEBHDFS|sam|||identity-mapping|principal|sam|success|Groups: [scientist, analyst]
-</code></pre><h3><a id="Authorization">Authorization</a> <a href="#Authorization"><img src="markbook-section-link.png"/></a></h3><h4><a id="Service+Level+Authorization">Service Level Authorization</a> <a href="#Service+Level+Authorization"><img src="markbook-section-link.png"/></a></h4><p>The Knox Gateway has an out-of-the-box authorization provider that allows administrators to restrict access to the individual services within a Hadoop cluster.</p><p>This provider utilizes a simple and familiar pattern of using ACLs to protect Hadoop resources by specifying users, groups and ip addresses that are permitted access.</p><h4><a id="Configuration">Configuration</a> <a href="#Configuration"><img src="markbook-section-link.png"/></a></h4><p>ACLs are bound to services within the topology descriptors by introducing the authorization provider with configuration like:</p>
+</code></pre>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--><h3><a id="Authorization">Authorization</a> <a href="#Authorization"><img src="markbook-section-link.png"/></a></h3><h4><a id="Service+Level+Authorization">Service Level Authorization</a> <a href="#Service+Level+Authorization"><img src="markbook-section-link.png"/></a></h4><p>The Knox Gateway has an out-of-the-box authorization provider that allows administrators to restrict access to the individual services within a Hadoop cluster.</p><p>This provider utilizes a simple and familiar pattern of using ACLs to protect Hadoop resources by specifying users, groups and ip addresses that are permitted access.</p><p>Note : This feature will not work as expected if ‘anonymous’ authentication is used. </p><h4><a id="Configuration">Configuration</a> <a href="#Configuration"><img src="markbook-section-link.png"/></a></h4><p>ACLs are bound to services within the topology descriptors by introducing the authorization provider with configuration like:</p>
<pre><code><provider>
<role>authorization</role>
<name>AclsAuthz</name>
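Review bot: The added lines place the full ASF license header, as an HTML comment, in the middle of the generated page, between the closing `</code></pre>` of the identity-mapping example and the Authorization `<h3>`. The log message covers only the anonymous-authentication note, so this looks like a side effect of the `<!---` to `<!--` delimiter change in config_authz.md rather than an intended change. Please confirm that shipping the header inside user-guide.html is wanted; if it is not, revert the delimiter change so the header stays out of the rendered book.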
Modified: knox/trunk/books/0.14.0/config_authz.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.14.0/config_authz.md?rev=1814442&r1=1814441&r2=1814442&view=diff
==============================================================================
--- knox/trunk/books/0.14.0/config_authz.md (original)
+++ knox/trunk/books/0.14.0/config_authz.md Mon Nov 6 21:12:28 2017
@@ -1,4 +1,4 @@
-<!---
+<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
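Review bot: The opening delimiter change from `<!---` to `<!--` on the first line (with the matching `--->` to `-->` in the next hunk) is not mentioned in the log message, which describes only the KNOX-1087 note. It is not a no-op either: the user-guide.html diff in this same commit gains the license comment in its generated output. Either call the delimiter change out in the log or move it to its own commit so the documentation fix can be reviewed and reverted independently.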
@@ -13,7 +13,7 @@
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
---->
+-->
### Authorization ###
@@ -23,6 +23,8 @@ The Knox Gateway has an out-of-the-box a
This provider utilizes a simple and familiar pattern of using ACLs to protect Hadoop resources by specifying users, groups and ip addresses that are permitted access.
+Note : This feature will not work as expected if 'anonymous' authentication is used.
+
#### Configuration ####
ACLs are bound to services within the topology descriptors by introducing the authorization provider with configuration like:
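Review bot: The added sentence "This feature will not work as expected if 'anonymous' authentication is used." does not tell an administrator what will actually happen when the authorization provider is combined with anonymous authentication. For an access-control feature the reader needs to know whether requests are rejected or the ACLs are simply not enforced. Please state the observed behaviour and what to configure instead, and drop the space in "Note :".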