hadoop-mapreduce-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geoff Thompson <ge...@bearpeak.com>
Subject Programmatic Kerberos login with password to a secure cluster
Date Mon, 16 Jun 2014 20:11:41 GMT

We are developing a YARN application where the client executes on a machine that is external
to a secure cluster. I have been able to successfully do a Kerberos login by manually running
the kinit command on the external machine then starting the client. However, our goal is to
not require the user to run kinit.

I have been able to programmatically login using a keytab file using method loginUserFromKeytab
from class org.apache.hadoop.security.UserGroupInformation. This is very useful. However,
we also want to see if we can not require the use of a keytab file and allow the user to enter
a password into the UI for our YARN client.

Essentially I would like to write a “loginUserWithPassword” method. I can see that this
would require creating a javax.security.auth.login.LoginContext with my own callback handler.

Reading the UserGroupInformation source code I see that a LoginContext needs to be built with
a “HadoopConfiguration” which is a private static class inside UserGroupInformation. This
class is too difficult to duplicate in my own code since it has too many dependencies on other
private details in class UserGroupInformation plus dependencies on other non-public classes
in the org.apache.hadoop.security package.

Does any one know how I could do a programmatic Kerberos login with a password? Or perhaps
access a HadoopConfiguration?



View raw message