hadoop-common-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Schulz <danielschulz2...@hotmail.com>
Subject RE: Authenticating to Kerberos enabled Hadoop cluster using Java
Date Mon, 02 Nov 2015 11:53:57 GMT
Hi Chhaya,
Thank you for asking straight away. At my latest project (HDP with Kerberos) we used authenticated
users; as they submitted Java jobs MR or Spark reached through their user name and looked
for a valid Kerberos Principal. Upon file access, HDFS does so. So your user needs to have
a valid Kerberos Ticket from `kinit` or a keytab file.
Of course: you could issue `kinit` via JNI; but this looks rather like a hack. If a service
needs credentials, I'd rather use Keystores for that. On Hadoop with Kerberos, your user's
Kerberos Principal is the default way to go.
Alternatively, you may use this parameter chain before start up:

SET KINIT=c:\Program Files\Java\jdk1.6.0_20\bin\kinit
SET KEYTAB=d:\webapps\app1\WEB-INF\serverhostname.keytab
SET SPN=HTTP/app1.intranet.company.com@REALM002.COMPANY.COM
SET KRB5INI=d:\webapps\app1\WEB-INF\krb5.ini
"%KINIT%" -k -t "%KEYTAB%" %SPN% -J-Dsun.security.krb5.debug=true "-J-Djava.security.krb5.conf=%KRB5INI%"source:
michael-behrendt.net/blog/2011/01/kerberos-keytab-uberprufen-mit-java-boardmitteln (German)
Kind regards, Daniel.

From: Chhaya.Vishwakarma@Thinkbiganalytics.comTo: user@hadoop.apache.org
Subject: Authenticating to Kerberos enabled Hadoop cluster using Java
Date: Mon, 2 Nov 2015 10:45:37 +0000

I have Kerberos enabled Hadoop cluster, I need to perform HDFS operations using JAVA code.

I have keytab file and username can someone please suggest how can I autheticate to Kerberos
using JAVA code?
View raw message