Hi Manoj -

This is often done by going through a gateway or intermediary that is
configured as a trusted proxy to the cluster. That is, the intermediary can
authenticate to the target services as itself with kerberos and dispatch
the REST request with a doas parameter that indicates the identity of the
user to issue the request on behalf of.

This is precisely what Apache Knox does for such deployments. You may want
to take a look there.

Currently, out of the box, Knox has an authentication provider to
authentication HTTP Basic credentials against an LDAP server.
There is an ApacheDS LDAP server as part of the Knox distribution as well -
for quickly testing your deployment.

Feel free to engage the Knox user/dev lists.


On Thu, May 15, 2014 at 4:44 AM, Manoj Babu <[EMAIL PROTECTED]> wrote:
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.

NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB