Configuring Atlas Authentication
Apache Atlas authentication enables multiple security layers, including Kerberos, LDAP, using a hierarchical priority order to validate web and REST API requests.
Atlas allows more than one authentication method to be enabled at one time. If more than one authentication method is enabled, users failing the first method are authenticated against the second method. The priority order of the methods is Kerberos, LDAP, then file-based authentication. For example if both Kerberos and LDAP authentication are enabled, a request without a Kerberos principal and keytab are authenticated using LDAP.
Specifying more than one authentication method allows you to setup useful production and
development scenarios:
- In a Production environment, you might configure Kerberos for service account access to the Atlas server while also supporting LDAP authentication for users logging in through the user interface.
- In a Development environment, you might configure Kerberos for service account access while leaving file-based authentication enabled to allow a limited number of administrator to access the Atlas user interface.
