Security
Also available as:
PDF
loading table of contents...

Authentication Providers

There are two types of providers supported in Knox for establishing a user’s identity:

  • Authentication Providers

  • Federation Providers

Authentication providers directly accept a user’s credentials and validates them against some particular user store. Federation providers, on the other hand, validate a token that has been issued for the user by a trusted Identity Provider (IdP).

Providers have a name-value based configuration. There are different authentication providers:

  • Anonymous

    • Used by Knox to let the proxied service or UI do its own authentication.

  • ShiroProvider

    • For LDAP/AD authentication with username and password. No SPNEGO/Kerberos support.

  • HadoopAuth

    • For SPNEGO/Kerberos authentication with delegation tokens. No LDAP/AD support.

  • PAM

    • For PAM authentication with username and password, via ShiroProvider.