Hi Chhaya,
Thank you for asking straight away. At my latest project (HDP with Kerberos) we
used authenticated users; as they submitted Java jobs MR or Spark reached
through their user name and looked for a valid Kerberos Principal. Upon file
access, HDFS does so. So your user needs to have a valid Kerberos Ticket from
`kinit` or a keytab file.
Of course: you could issue `kinit` via JNI; but this looks rather like a hack.
If a service needs credentials, I'd rather use Keystores for that. On Hadoop
with Kerberos, your user's Kerberos Principal is the default way to go.
Alternatively, you may use this parameter chain before start up:
SET KINIT=c:\Program Files\Java\jdk1.6.0_20\bin\kinit
SET KEYTAB=d:\webapps\app1\WEB-INF\serverhostname.keytab
SET SPN=HTTP/app1.intranet.company....@realm002.company.com
SET KRB5INI=d:\webapps\app1\WEB-INF\krb5.ini
"%KINIT%" -k -t "%KEYTAB%" %SPN% -J-Dsun.security.krb5.debug=true
"-J-Djava.security.krb5.conf=%KRB5INI%"source:
michael-behrendt.net/blog/2011/01/kerberos-keytab-uberprufen-mit-java-boardmitteln
(German)
Kind regards, Daniel.
From: Chhaya.Vishwakarma@Thinkbiganalytics.comTo: user@hadoop.apache.org
Subject: Authenticating to Kerberos enabled Hadoop cluster using Java
Date: Mon, 2 Nov 2015 10:45:37 +0000
I have Kerberos enabled Hadoop cluster, I need to perform HDFS operations using
JAVA code.
I have keytab file and username can someone please suggest how can I
autheticate to Kerberos using JAVA code?
Regards,
Chhaya
