hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mohammad Islam <misla...@yahoo.com>
Subject Re: Running unit test cases with Kerberos on
Date Sat, 19 Apr 2014 02:57:35 GMT
Thanks everyone for the assistance.

It appeared I kinited as myself in the box. Looks like this confused the test.
I ran the kdestroy and ran the test successfully.

--Mohammad


On Thursday, April 17, 2014 10:22 AM, Alejandro Abdelnur <tucu@cloudera.com> wrote:
 
yes it does :)

also, if you are interested in scripts to help you out starting minikdc in standalone mode
look at Llama's llama-minikdc module after running a mvn assembly. i dont recall if that made
it to hadoop-minikdc (cannot check right now, not at computer)

thx

Alejandro
(phone typing)


> On Apr 17, 2014, at 10:05, Steve Loughran <stevel@hortonworks.com> wrote:
> 
> there's one more thing to note -when working with a linux kerberos cluster,
> you must have the export crypto package installed, else you get to see the
> useful error message "No valid credentials provided (Mechanism level:
> Illegal key size)]"
> 
> I don't know if miniKDC works with smaller key lengths, so avoids this
> problem
> 
> 
>> On 17 April 2014 16:37, Alejandro Abdelnur <tucu@cloudera.com> wrote:
>> 
>> minikdc can be run from the commandline to do exactly that, as args you
>> give dir where it will create the krb5conf file, a list of principals to
>> have, a keytab with all those princs will be created in the dir, distribute
>> the krb5.conf and the keytabfile to you clients. config the cluents to pick
>> up the krb5.conf, you are done.
>> 
>> thx
>> 
>> Alejandro
>> (phone typing)
>> 
>>> On Apr 17, 2014, at 8:28, Jay Vyas <jayunit100@gmail.com> wrote:
>>> 
>>> ah .. thats nice to know.  so ... are there other lightweight kerberos
>>> implementations that we can use on a real cluster to get started with
>>> kerberos authentication without having to install a whole kdc
>> environment?
>>> 
>>> 
>>> On Thu, Apr 17, 2014 at 11:15 AM, Alejandro Abdelnur <tucu@cloudera.com
>>> wrote:
>>> 
>>>> or you can use hadoop-minikdc, it is a java kdc base on apacheds, and
>>>> doesnt require any os level setup. there are some tests in hadoop rhat
>>>> already use it.
>>>> 
>>>> thx
>>>> 
>>>> Alejandro
>>>> (phone typing)
>>>> 
>>>>>> On Apr 17, 2014, at 5:44, Steve Loughran <stevel@hortonworks.com>
>> wrote:
>>>>>> 
>>>>>> On 16 April 2014 23:42, Mohammad Islam <mislam77@yahoo.com>
wrote:
>>>>>> 
>>>>>> Hi,
>>>>>> I tried to run a test case using this command from my Linux box:
>>>>>> mvn clean test  -PtestKerberos -Dtest=TestJHSSecurity
>>>>>> 
>>>>>> And I got the following exception. I know it is  related to setup
the
>>>>>> principal and other kerberos settings.
>>>>>> 
>>>>>> Can someone please help me  about this? such as what is the mvn
>> command
>>>>>> and what other settings are required?
>>>>> 
>>>>> 
>>>>> 
>>>>> it'll need the kerberos credentials used to talk to the cluster, which
>>>> you
>>>>> pick up client side via kinit ; the Java code will pick them up.
>>>>> 
>>>>> 
>>>>> 
>>>>>> Do I need to run my own KDC or provide own keytab?
>>>>> you will need your own KDC, this is easy enough to set up on Linux
>> -even
>>>> in
>>>>> a VM- and you can certainly use Linux or OSX as test boxes.
>>>>> 
>>>>> --
>>>>> CONFIDENTIALITY NOTICE
>>>>> NOTICE: This message is intended for the use of the individual or
>> entity
>>>> to
>>>>> which it is addressed and may contain information that is confidential,
>>>>> privileged and exempt from disclosure under applicable law. If the
>> reader
>>>>> of this message is not the intended recipient, you are hereby notified
>>>> that
>>>>> any printing, copying, dissemination, distribution, disclosure or
>>>>> forwarding of this communication is strictly prohibited. If you have
>>>>> received this communication in error, please contact the sender
>>>> immediately
>>>>> and delete it from your system. Thank You.
>>> 
>>> 
>>> 
>>> --
>>> Jay Vyas
>>> http://jayunit100.blogspot.com
> 
> -- 
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to 
> which it is addressed and may contain information that is confidential, 
> privileged and exempt from disclosure under applicable law. If the reader 
> of this message is not the intended recipient, you are hereby notified that 
> any printing, copying, dissemination, distribution, disclosure or 
> forwarding of this communication is strictly prohibited. If you have 
> received this communication in error, please contact the sender immediately 
> and delete it from your system. Thank You.
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message