From: Daniel Schulz
To: "user@hadoop.apache.org"
Subject: RE: Authenticating to Kerberos enabled Hadoop cluster using Java
Date: Mon, 2 Nov 2015 12:53:57 +0100

Hi Chhaya,

Thank you for asking straight away. At my latest project (HDP with Kerberos) we used authenticated users; as they submitted Java jobs MR or Spark reached through their user name and looked for a valid Kerberos Principal. Upon file access, HDFS does so. So your user needs to have a valid Kerberos Ticket from `kinit` or a keytab file.

Of course: you could issue `kinit` via JNI; but this looks rather like a hack. If a service needs credentials, I'd rather use Keystores for that. On Hadoop with Kerberos, your user's Kerberos Principal is the default way to go.

Alternatively, you may use this parameter chain before start up:

SET KINIT=c:\Program Files\Java\jdk1.6.0_20\bin\kinit
SET KEYTAB=d:\webapps\app1\WEB-INF\serverhostname.keytab
SET SPN=HTTP/app1.intranet.company.com@REALM002.COMPANY.COM
SET KRB5INI=d:\webapps\app1\WEB-INF\krb5.ini
"%KINIT%" -k -t "%KEYTAB%" %SPN% -J-Dsun.security.krb5.debug=true "-J-Djava.security.krb5.conf=%KRB5INI%"

source: michael-behrendt.net/blog/2011/01/kerberos-keytab-uberprufen-mit-java-boardmitteln (German)

Kind regards,
Daniel.

From: Chhaya.Vishwakarma@Thinkbiganalytics.com
To: user@hadoop.apache.org
Subject: Authenticating to Kerberos enabled Hadoop cluster using Java
Date: Mon, 2 Nov 2015 10:45:37 +0000

I have Kerberos enabled Hadoop cluster, I need to perform HDFS operations using JAVA code.

I have keytab file and username can someone please suggest how can I authenticate to Kerberos using JAVA code?

Regards,
Chhaya
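Added example, not part of either message above: one way to log in from a keytab directly in Java with Hadoop's UserGroupInformation API, instead of shelling out to `kinit`. The principal, keytab path and krb5.conf path are placeholders; it assumes hadoop-client and the cluster's core-site.xml/hdfs-site.xml are on the classpath and that the KDC is reachable.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.security.PrivilegedExceptionAction;
import java.util.Set;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;

public class KerberosHdfsClient {
    public static void main(String[] args) throws Exception {
        // Placeholders (assumptions): replace with your own principal and paths.
        String principal = "appuser@EXAMPLE.COM";
        String keytab = "/etc/security/keytabs/appuser.keytab";
        System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");

        // A keytab is a long-lived credential: refuse one readable by group/others.
        // (POSIX file systems only; on Windows check the file ACL instead.)
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(Paths.get(keytab));
        if (perms.contains(PosixFilePermission.GROUP_READ)
                || perms.contains(PosixFilePermission.OTHERS_READ)) {
            throw new SecurityException("keytab is readable by group/others: " + keytab);
        }

        // Picks up core-site.xml / hdfs-site.xml from the classpath (assumed present).
        Configuration conf = new Configuration();
        conf.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(conf);

        // Log in from the keytab without replacing the process-wide login user.
        UserGroupInformation ugi =
                UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytab);

        // Run the HDFS calls as the authenticated principal.
        ugi.doAs((PrivilegedExceptionAction<Void>) () -> {
            try (FileSystem fs = FileSystem.get(conf)) {
                for (FileStatus st : fs.listStatus(new Path("/"))) {
                    System.out.println(st.getPath());
                }
            }
            return null;
        });
    }
}
```

A long-running service should call `ugi.checkTGTAndReloginFromKeytab()` before its HDFS calls so the ticket is renewed from the keytab when it nears expiry.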