hadoop-common-dev mailing list archives

From Raghavendra Nandagopal <askaboutst...@gmail.com>
Subject Renewable Ticket using Keytab through JAAS API
Date Thu, 19 Jun 2014 00:17:07 GMT
Hi,
   Checking if you have come across the same problem while implementing
security in Hadoop, specifically auto ticket renewal.

   I am using a keytab file with the below JAAS configuration.

com.sun.security.auth.module.Krb5LoginModule required
useKeyTab = true
useTicketCache = true
keyTab="xyz.keytab"
storeKey=true
principal="user/xyz.com"

The configuration works only if kinit is called beforehand and the
ticket is present in the cache.  I am checking a condition for renewable
ticket using the JAAS API and it works.

Now if I modify the JAAS configuration not to use the ticket cache, i.e., by
setting useTicketCache = false, then without calling kinit, just
using the keytab fails to set the renewable flag, although I am able to
get the ticket authenticated from Kerberos using the JAAS API.  Below is
the JAAS configuration.

com.sun.security.auth.module.Krb5LoginModule required
useKeyTab = true
useTicketCache = false
keyTab="xyz.keytab"
storeKey=true
principal="user/xyz.com"

Please let me know how we can use a keytab in the JAAS API, bypassing the kinit
command, so that the renewable ticket flag is set.

Thanks,
Raghav
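
An added example, not part of the original message or of Hadoop's code: a small Java program that performs the keytab-only login described above (useTicketCache=false) and reports whether the resulting TGT carries the renewable flag. The class name and the entry name "KeytabLogin" are hypothetical; it assumes a reachable KDC, a valid krb5.conf, and the principal and keytab path passed as arguments.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class KeytabRenewableCheck {   // hypothetical class name
    // In-memory equivalent of the second configuration in the message.
    static Configuration keytabOnly(String principal, String keytab) {
        Map<String, String> opts = new HashMap<>();
        opts.put("useKeyTab", "true");
        opts.put("useTicketCache", "false");   // no kinit, no credential cache
        opts.put("keyTab", keytab);
        opts.put("storeKey", "true");
        opts.put("principal", principal);
        AppConfigurationEntry entry = new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    // Returns the TGT (server principal krbtgt/...) held by the subject, or null.
    static KerberosTicket findTgt(Subject subject) {
        for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
            if (t.getServer().getName().startsWith("krbtgt/")) return t;
        }
        return null;
    }

    public static void main(String[] args) throws LoginException {
        // args[0] = principal, args[1] = keytab path (supplied by the caller)
        LoginContext lc = new LoginContext("KeytabLogin", null, null,
                                           keytabOnly(args[0], args[1]));
        lc.login();
        KerberosTicket tgt = findTgt(lc.getSubject());
        if (tgt == null) { System.out.println("no TGT in subject"); return; }
        // renewTill is null when the KDC issued a non-renewable ticket.
        System.out.println("renewable=" + tgt.isRenewable()
            + " endTime=" + tgt.getEndTime() + " renewTill=" + tgt.getRenewTill());
        lc.logout();
    }
}
```

Running it once against each configuration (ticket cache after kinit versus keytab only) shows the flag difference the message describes directly on the issued ticket.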
