Multiple realms

Phatak, Bharath bharath.phatak at rsa.com
Fri Oct 17 01:12:14 EDT 2014


Hi All,

Earlier we were using C++ and curl libraries to support Kerberos for Hadoop. Now we need to provide the same with Java.

I am using the following code to interact with Kerberos-enabled Hadoop.

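    import java.net.URI;
    import org.apache.hadoop.fs.FileSystem;
    import org.apache.hadoop.fs.Path;
    import org.apache.hadoop.security.UserGroupInformation;

    // Log in from the keytab as the NEW.COM service principal.
    UserGroupInformation.loginUserFromKeytab("hdfs/pivhdsne.rup@NEW.COM", "/root/hdfsNew.keytab");
    System.out.println("Obtained......\n\n\n\n");

    // "IP" stands for the cluster address; "configuration" is a Hadoop
    // Configuration object created elsewhere (not shown in this snippet).
    URI uri = URI.create("webhdfs://IP:50070");
    FileSystem fs = FileSystem.get(uri, configuration);

    if (fs.mkdirs(new Path("/testKerbhdfsUser")))
        System.out.print("Directory created...");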

It is working fine, but when the customer wishes to use multiple realms my code fails.

With the below conf, code works fine when using NEW.COM but fails if using EXAMPLE.COM.

How can I connect using multiple realms using the same krb5.conf but different keytabs and different principals?


krb5.conf:

[libdefaults]
default_realm = NEW.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 1d
renew_lifetime = 7d
forwardable = true

[realms]
NEW.COM = {
  kdc = bharath.kdc
  admin_server = bharath.kdc
}
EXAMPLE.COM = {
  kdc = wckdserver.krbnet
  admin_server = wckdserver.krbnet
}


Any help is much appreciated.

Thanks,
Bharath
