programmatic translation of authentication names to local names

Ken Raeburn raeburn at MIT.EDU
Wed Feb 3 23:55:26 EST 2010


On Feb 3, 2010, at 21:40, Owen O'Malley wrote:
> We're adding Kerberos security to Apache Hadoop (hadoop.apache.org),  
> which is an open source petabyte-scale distributed file system and  
> MapReduce implementation.  Since MapReduce includes running  
> distributed jobs, we need to map the authenticated names to local OS  
> names. Within Kerberos this seems to be done by  
> krb5_aname_to_localname. Unfortunately, that method doesn't seem to be  
> exported via a public API or a CLI tool.

Looking at the 1.7.1 source tarball, I do see krb5_aname_to_localname in the symbol export list file that should get used to build the library.  Are you unable to link against it on some system?

You are correct that no CLI tool is shipped for examining the mapping.  Perhaps you can do something with the attached, rather hastily written script (assuming it doesn't get stripped out by the mail server).

Ken


-- 
Ken Raeburn / raeburn at mit.edu / no longer at MIT Kerberos Consortium

-------------- next part --------------
A non-text attachment was scrubbed...
Name: aname.py
Type: text/x-python-script
Size: 951 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20100203/972ababc/attachment.bin
-------------- next part --------------
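
An added example, not the scrubbed aname.py attachment and not code from the MIT Kerberos project: a small command-line wrapper that calls the exported krb5_aname_to_localname through ctypes, so the principal-to-account mapping a host will apply can be inspected before jobs run under it. It assumes an MIT-compatible libkrb5 is installed; Krb5Error and the helper function names are hypothetical.

```python
import ctypes
import ctypes.util
import sys

class Krb5Error(RuntimeError):
    """libkrb5 could not be loaded, or one of its calls returned non-zero."""

def _check(code, func, args):
    if code != 0:  # ctypes errcheck hook: a non-zero krb5_error_code raises
        raise Krb5Error(f"{func.__name__} failed with krb5 error code {code}")

def _load_krb5():
    path = ctypes.util.find_library("krb5") or "libkrb5.so.3"  # assumes MIT libkrb5
    try:
        lib = ctypes.CDLL(path)
        vp = ctypes.c_void_p  # krb5_context and krb5_principal are opaque pointers
        lib.krb5_init_context.argtypes = [ctypes.POINTER(vp)]
        lib.krb5_parse_name.argtypes = [vp, ctypes.c_char_p, ctypes.POINTER(vp)]
        lib.krb5_aname_to_localname.argtypes = [vp, vp, ctypes.c_int, ctypes.c_char_p]
        for fn in (lib.krb5_init_context, lib.krb5_parse_name, lib.krb5_aname_to_localname):
            fn.errcheck = _check
        lib.krb5_free_principal.argtypes = [vp, vp]
        lib.krb5_free_context.argtypes = [vp]
        lib.krb5_free_principal.restype = lib.krb5_free_context.restype = None
    except (OSError, AttributeError) as exc:
        raise Krb5Error(f"cannot use libkrb5: {exc}") from exc
    return lib

def aname_to_localname(principal, bufsize=256):
    """Map a principal such as 'alice@EXAMPLE.COM' to a local account name."""
    if bufsize < 2:
        raise ValueError("bufsize must hold at least one character plus NUL")
    lib = _load_krb5()
    ctx, princ = ctypes.c_void_p(), ctypes.c_void_p()
    lname = ctypes.create_string_buffer(bufsize)
    lib.krb5_init_context(ctypes.byref(ctx))
    try:
        lib.krb5_parse_name(ctx, principal.encode(), ctypes.byref(princ))
        try:
            lib.krb5_aname_to_localname(ctx, princ, bufsize, lname)
        finally:
            lib.krb5_free_principal(ctx, princ)
        return lname.value.decode()
    finally:
        lib.krb5_free_context(ctx)

if __name__ == "__main__":
    for name in sys.argv[1:]:
        print(name, "->", aname_to_localname(name))
```

A principal with no translation on the host surfaces as a Krb5Error rather than an empty string, so a caller cannot mistake "no mapping" for a valid account name.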


