Multiple realms
Phatak, Bharath
bharath.phatak at rsa.com
Mon Oct 20 02:17:25 EDT 2014
Hi Ben,
I have java client to connect to Kerberos enabled Hadoop. Client should be able to connect different realms at the same time.
I am using following code to interact with Kerberos enabled Hadoop.
UserGroupInformation.loginUserFromKeytab("hdfs/pivhdsne.rup at NEW.COM","/root/hdfsNew.keytab");
System.out.println("Obtained......\n\n\n\n");
URI uri = URI.create("webhdfs://IP:50070 ");
FileSystem fs = FileSystem.get(uri, configuration);
if (fs.mkdirs(new Path("/testKerbhdfsUser")))
System.out.print("Directory created...");
The API is recognizing only default_realm.
Krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm=NEW.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 1m
renew_lifetime = 7d
forwardable = true
default_ccache_name =FILE:/tmp/hello/tktj0gw2g
[realms]
NEW.COM = {
kdc = bharath.kdc
admin_server = bharath.kdc
}
EXAMPLE.COM = {
kdc = wckdserver.krbnet
admin_server = wckdserver.krbnet
}
[domain_realm]
.example.com = EXAMPLE.COM
.new.com = NEW.COM
pivhdsne.localdomain = EXAMPLE.COM
pivhdsne.rupam = NEW.COM
Thanks,
Bharath
-----Original Message-----
From: Benjamin Kaduk [mailto:kaduk at MIT.EDU]
Sent: Friday, October 17, 2014 9:49 PM
To: Phatak, Bharath
Cc: kerberos at mit.edu
Subject: Re: Multiple realms
I am not sure I fully understand the situation, but are the appropriate [domain_realm] mappings in the krb5.conf?
-Ben Kaduk
More information about the Kerberos
mailing list