Overview
Instead of using a basic username/password pair, you can improve security by generating Knox Gateway tokens. Tokens are more secure than plaintext username/password because they are signed, anonymized from the source data, and have a specified lifetime (by default, one hour).
About Knox gateway tokens
Before CDP 7.2.14, Knox on CDP Public Cloud had two default topologies:
cdp-proxy
and cdp-proxy-api
. To enable passcode tokens,
a third Knox topology was added: cdp-proxy-token
. While very similar to
cdp-proxy-api
, the authentication provider for
cdp-proxy-token
is configured with the JWTFederation provider, so that
newly generated tokens can be used.
View Knox token integration
Knox token integration can be accessed via Cloudera Manager or the Knox homepage:
- (Recommended) Cloudera Manager:
Knox Token Integration
.
and search for - Navigate to the Management Console service > Data Lakes > (Your cluster) > Token
Integration (under the Services tab). This will bring you to the Knox homepage. There
are two new links on your Knox homepage homepage: Token
Management and Token Generation.