Multiple realms
Phatak, Bharath
bharath.phatak at rsa.com
Fri Oct 17 01:12:14 EDT 2014
Hi All,
Earlier we were using C++ and curl libraries to support Kerberos for Hadoop. Now we need to provide the same with Java.
I am using following code to interact with Kerberos enabled Hadoop.
UserGroupInformation.loginUserFromKeytab("hdfs/pivhdsne.rup at NEW.COM<mailto:hdfs/pivhdsne.rup at NEW.COM>","/root/hdfsNew.keytab");
System.out.println("Obtained......\n\n\n\n");
URI uri = URI.create("webhdfs://IP:50070 ");
FileSystem fs = FileSystem.get(uri, configuration);
if (fs.mkdirs(new Path("/testKerbhdfsUser")))
System.out.print("Directory created...");
It working fine but when the customer wishes to use multiple realms then my code fails.
With the below conf, code works fine when using NEW.COM but fails if using EXAMPLE.COM.
How I can connect using multiple realms using same krb5.conf but different keytab and different principals.
Krb5.conf
[libdefaults]
default_realm = NEW.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 1d
renew_lifetime = 7d
forwardable = true
[realms]
NEW.COM = {
kdc = bharath.kdc
admin_server = bharath.kdc
}
EXAMPLE.COM = {
kdc = wckdserver.krbnet
admin_server = wckdserver.krbnet
}
Any help is much appreciated.
Thanks,
Bharath
More information about the Kerberos
mailing list