hadoop-hdfs-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oh Seok Keun <ohs...@gmail.com>
Subject Re: Could I authenticate hadoop manually using kerberos
Date Thu, 29 Nov 2012 09:20:42 GMT
Thank you for the advices.

But I can't login.
Here is my code.
How can I login to hadoop cluster with my kerberos principal at remote
server.

# Code
Configuration config = new Configuration();
config.set("fs.default.name", "hdfs://myhadoop:9000");
SecurityUtil.login(config, "/usr/local/myhadoop/files/tester.keytab",
"tester");
FileSystem fs = FileSystem.get(config);
Path path = new Path(fs.getHomeDirectory().toString() + "/aaa");
fs.mkdirs(path);

# Error
12/11/29 18:02:15 ERROR security.UserGroupInformation:
PriviledgedActionException as:bigpack
cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to
find any Kerberos tgt)]
12/11/29 18:02:15 WARN ipc.Client: Exception encountered while connecting
to the server : javax.security.sasl.SaslException: GSS initiate failed
[Caused by GSSException: No valid credentials provided (Mechanism level:
Failed to find any Kerberos tgt)]
12/11/29 18:02:15 ERROR security.UserGroupInformation:
PriviledgedActionException as:bigpack cause:java.io.IOException:
javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to
find any Kerberos tgt)]

thanks.

2012/11/28 Harsh J <harsh@cloudera.com>

> If the cluster is secured, it will demand kerberos credentials. There
> is no way to bypass this requirement (and it wouldn't make sense to
> allow such a thing either).
>
> If you do have a keytab file, and are wishing to automate the login by
> knowing the keytab path, you can use the SecurityUtil.login(…) API:
>
> http://hadoop.apache.org/docs/stable/api/org/apache/hadoop/security/SecurityUtil.html#login(org.apache.hadoop.conf.Configuration,%20java.lang.String,%20java.lang.String)
>
> On Wed, Nov 28, 2012 at 2:27 PM, Oh Seok Keun <ohsg74@gmail.com> wrote:
> > HI.
> >
> > I set my hadoop cluster to security enable using kerberos.
> > Can I login to the hadoop cluster without execute kinit command?
> > I can't find hadoop api that  I use kerberos principal (manually set
> > username and password) instead cached ticket.
> > How can I use hadoop api for that.
> >
> > thanks.
> >
> > --
> > -----------------------------
> > ohsg74@gmail.com
> > H.P.: 010-2534-6795
> > ------------------------------
>
>
>
> --
> Harsh J
>



-- 
-----------------------------
ohsg74@gmail.com
H.P.: 010-2534-6795
------------------------------

Mime
View raw message