Cloudera Docs

Notices after completing backup and restore for Knox

Review the Knox related notices after completing the backup and restore process manually.

After the backup and restore process is completed for the Knox tables, previously acquired, non-expired JWT and SSO tokens are invalidated and cannot be used for authentication after restore. However, you can manually revoke these credentials on the Token Management page in Knox or wait until the credentials are cleaned by Knox in the background.

The authentication tokens will reflect the state of the most recent backup, and any action that was taken after the backup will be ignored as detailed in the following list:

  • Any type of new tokens generated after the backup will not be included in the restore, these tokens will not be visible on the Token Management page.
  • OAUTH type token(s)
    • that were revoked after backup will be restored and will work as expected.
    • that were disabled after backup will be considered as enabled and will work as expected.
    • that were disabled before backup, but enabled after backup will be considered as disabled and will not work.