Hey everyone, I was working with UserGroupInformation Class and Kerberos.
Is there a proper example how to renew the Kerkebros Ticket from a keytab ?
For Example:
assuming that I have the jaas.config set in the jvm I do:
UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
This will login the user but not using a keytab.
Using this code it will login with Kerberos:
UserGroupInformation.setConfiguration(conf);
Krb5LoginModule context = new Krb5LoginModule();
Subject subject = new Subject();
javax.security.auth.login.Configuration jconf =
javax.security.auth.login.Configuration.getConfiguration();
AppConfigurationEntry entries[] =
jconf.getAppConfigurationEntry("Client");
context.initialize(subject,null, new HashMap<String,
String>(),entries[0].getOptions());
context.login();
context.commit();
UserGroupInformation.loginUserFromSubject(subject);
How Do I make sure that my Keytab get’s renewed ? I think Hadoop Libraries
should take of this. I can count a lot of projects implementing their own
TicketRewener…
Any suggestions here ?
Thanks
Jorge Machado
