Login usecase

Aneela Saleem aneela at platalytics.com
Mon Jul 18 12:52:20 EDT 2016 

Yep, that will be great.

On Mon, Jul 18, 2016 at 8:41 PM, Brandon Allbery <ballbery at sinenomine.net>
wrote:

> While I can’t give you details, it sounds like you want to change the web
> application to use SPNEGO to do Kerberos authentication with a user; this
> gives you a credential that you can then use to authenticate to Hadoop.
>
>
>
> *From: *Aneela Saleem <aneela at platalytics.com>
> *Date: *Monday, July 18, 2016 at 11:13
> *To: *Brandon Allbery <ballbery at sinenomine.net>
> *Cc: *"kerberos at mit.edu" <kerberos at mit.edu>
> *Subject: *Re: Login usecase
>
>
>
> Thanks Brandon for your response.
>
> Actually, My use-case is that I have a web application that authenticates
> a user. Then user calls my backend services written in java to interact
> with hadoop cluster. My hadoop cluster is kerberos-enabled. I need to
> authenticate this user using my java code. I am able to login using keytab
> files, but i did not get someway to login using password. For logging in
> using keytab files, we need to place keytab files for all the system users
> on all the hosts from where we can access our hadoop cluster. So this is
> the main drawback. And as you say logging using keytab files is not
> appropriate then how can we achieve this objective?
>
> Thanks
>
>
>
> On Mon, Jul 18, 2016 at 7:45 PM, Brandon Allbery <ballbery at sinenomine.net>
> wrote:
>
> You are going to have to describe what you are trying to do in more
> detail. Keytabs are not normally used for this purpose, except in the case
> of automated procedures (e.g. cron) that need to log in to a service as if
> they are a user. Perhaps you have confused keytabs (“passwords” on disk)
> with ccaches (ephemeral service credentials, which may or may not be on
> disk and typically expire in a relatively short time)?
>
>
> On 7/17/16, 16:04, "kerberos-bounces at mit.edu on behalf of Aneela Saleem" <
> kerberos-bounces at mit.edu on behalf of aneela at platalytics.com> wrote:
>
>     Hi all,
>
>     If a user logs into any kerberized Application, using Krb5LoginModule,
>     there is a function loginFromKeyTab. Client should have the key tab
> file to
>     login to application. But I think this is very insecure way of login.
>     Anyone who cloud access your key tab file then login to application. Is
>     there any appropriate way to login to system. I don't understand How
> to do
>     this. I'm stuck
>
>     Thanks
>
>     ________________________________________________
>     Kerberos mailing list           Kerberos at mit.edu
>     https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
>

More information about the Kerberos mailing list