Return-Path: X-Original-To: apmail-hadoop-hdfs-user-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-user-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A333CD10E for ; Thu, 29 Nov 2012 09:21:13 +0000 (UTC) Received: (qmail 55048 invoked by uid 500); 29 Nov 2012 09:21:08 -0000 Delivered-To: apmail-hadoop-hdfs-user-archive@hadoop.apache.org Received: (qmail 54964 invoked by uid 500); 29 Nov 2012 09:21:08 -0000 Mailing-List: contact user-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@hadoop.apache.org Delivered-To: mailing list user@hadoop.apache.org Received: (qmail 54942 invoked by uid 99); 29 Nov 2012 09:21:07 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Nov 2012 09:21:07 +0000 X-ASF-Spam-Status: No, hits=3.8 required=5.0 tests=FB_GET_MEDS,FREEMAIL_ENVFROM_END_DIGIT,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of ohsg74@gmail.com designates 209.85.214.176 as permitted sender) Received: from [209.85.214.176] (HELO mail-ob0-f176.google.com) (209.85.214.176) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Nov 2012 09:21:02 +0000 Received: by mail-ob0-f176.google.com with SMTP id un3so14825320obb.35 for ; Thu, 29 Nov 2012 01:20:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=6NpWulEPhDFNdF9DMxI4qYX9ljXvEuwy23pbwlz+rec=; b=IvzLSrtzMobIBPRPQotjNqQH1RJ6Zh6Ow1au7XSvJLCp0J7IifzjAURVa745GjtmJr hpLC8ib56UAEG8MHcgyJpewhMgJb0hy/azVtI7vEB1+Ujyn4l8DN8fVDdaIfwnTBIw8Z BKIUUeCdhMLyYAicD81hdTbJ56m1Kf4wgJySsEUXQSqX4Wlq1n+lZHX5rFwbxKZEveWO jdevVQQrrvlsgQnvgVb8AsSZ70eDqDVYE7H2BKm/V1VkjEW+SdvDAJw3sqcjaNy4S5QH oB4YmCmzZP1LdhgyMed4/6vMLXkZzcnoMpUSadNBjzVFEXDDOXvie6tVbAJiwdms2XiT NA4g== MIME-Version: 1.0 Received: by 10.60.169.171 with SMTP id af11mr1016742oec.92.1354180842139; Thu, 29 Nov 2012 01:20:42 -0800 (PST) Received: by 10.60.155.175 with HTTP; Thu, 29 Nov 2012 01:20:42 -0800 (PST) In-Reply-To: References: Date: Thu, 29 Nov 2012 18:20:42 +0900 Message-ID: Subject: Re: Could I authenticate hadoop manually using kerberos From: Oh Seok Keun To: user@hadoop.apache.org Content-Type: multipart/alternative; boundary=bcaec54d47660eae3d04cf9ecc89 X-Virus-Checked: Checked by ClamAV on apache.org --bcaec54d47660eae3d04cf9ecc89 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Thank you for the advices. But I can't login. Here is my code. How can I login to hadoop cluster with my kerberos principal at remote server. # Code Configuration config =3D new Configuration(); config.set("fs.default.name", "hdfs://myhadoop:9000"); SecurityUtil.login(config, "/usr/local/myhadoop/files/tester.keytab", "tester"); FileSystem fs =3D FileSystem.get(config); Path path =3D new Path(fs.getHomeDirectory().toString() + "/aaa"); fs.mkdirs(path); # Error 12/11/29 18:02:15 ERROR security.UserGroupInformation: PriviledgedActionException as:bigpack cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)] 12/11/29 18:02:15 WARN ipc.Client: Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)] 12/11/29 18:02:15 ERROR security.UserGroupInformation: PriviledgedActionException as:bigpack cause:java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)] thanks. 2012/11/28 Harsh J > If the cluster is secured, it will demand kerberos credentials. There > is no way to bypass this requirement (and it wouldn't make sense to > allow such a thing either). > > If you do have a keytab file, and are wishing to automate the login by > knowing the keytab path, you can use the SecurityUtil.login(=E2=80=A6) AP= I: > > http://hadoop.apache.org/docs/stable/api/org/apache/hadoop/security/Secur= ityUtil.html#login(org.apache.hadoop.conf.Configuration,%20java.lang.String= ,%20java.lang.String) > > On Wed, Nov 28, 2012 at 2:27 PM, Oh Seok Keun wrote: > > HI. > > > > I set my hadoop cluster to security enable using kerberos. > > Can I login to the hadoop cluster without execute kinit command? > > I can't find hadoop api that I use kerberos principal (manually set > > username and password) instead cached ticket. > > How can I use hadoop api for that. > > > > thanks. > > > > -- > > ----------------------------- > > ohsg74@gmail.com > > H.P.: 010-2534-6795 > > ------------------------------ > > > > -- > Harsh J > --=20 ----------------------------- ohsg74@gmail.com H.P.: 010-2534-6795 ------------------------------ --bcaec54d47660eae3d04cf9ecc89 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Thank you = for the advices.

But I can't log= in.=C2=A0
Here is my code.
How can I login to hadoop cluster with my kerberos principal a= t remote server.

# Code
Configuration config =3D new Configuration();
<= div>config.set("fs.default.name= ", "hdfs://myhadoop:9000");
SecurityUtil.login(config, "/usr/local/myhadoop/files/tester.keyt= ab", "tester");
FileSystem fs =3D FileSystem.get(c= onfig);
Path path =3D new Path(fs.getHomeDirectory().toString() += "/aaa");
fs.mkdirs(path);

# Error
12/11/29 18:02:15 ERROR security.UserGroupInformation: PriviledgedActionEx= ception as:bigpack cause:javax.security.sasl.SaslException: GSS initiate fa= iled [Caused by GSSException: No valid credentials provided (Mechanism leve= l: Failed to find any Kerberos tgt)]
12/11/29 18:02:15 WARN ipc.Client: Exception encountered while connect= ing to the server : javax.security.sasl.SaslException: GSS initiate failed = [Caused by GSSException: No valid credentials provided (Mechanism level: Fa= iled to find any Kerberos tgt)]
12/11/29 18:02:15 ERROR security.UserGroupInformation: PriviledgedActi= onException as:bigpack cause:java.io.IOException: javax.security.sasl.SaslE= xception: GSS initiate failed [Caused by GSSException: No valid credentials= provided (Mechanism level: Failed to find any Kerberos tgt)]

thanks.

2012/11/28 Harsh J <= harsh@cloudera.com>
If the cluster is secured, it will demand ke= rberos credentials. There
is no way to bypass this requirement (and it wouldn't make sense to
allow such a thing either).

If you do have a keytab file, and are wishing to automate the login by
knowing the keytab path, you can use the SecurityUtil.login(=E2=80=A6) API:=
http://hadoop.apache.org/= docs/stable/api/org/apache/hadoop/security/SecurityUtil.html#login(org.apac= he.hadoop.conf.Configuration,%20java.lang.String,%20java.lang.String)

On Wed, Nov 28, 2012 at 2:27 PM, Oh Seok Keun <ohsg74@gmail.com> wrote:
> HI.
>
> I set my hadoop cluster to security enable using kerberos.
> Can I login to the hadoop cluster without execute kinit command?
> I can't find hadoop api that =C2=A0I use kerberos principal (manua= lly set
> username and password) instead cached ticket.
> How can I use hadoop api for that.
>
> thanks.
>
> --
> -----------------------------
> ohsg74@gmail.com=
> H.P.: 010-2534-6795
> ------------------------------



--
Harsh J



-- -----------------------------
ohsg74@gmail.com
H.P.: 010-2534-6795
--------------= ----------------
--bcaec54d47660eae3d04cf9ecc89--