Posted to mapreduce-user@hadoop.apache.org by Xiaohua Chen <xi...@gmail.com> on 2014/10/06 19:51:47 UTC

How to login a user with password to Kerberos Hadoop instead of ticket cache or key tab file ?

Hi Experts,

We have a use case which needs to log a user in to Kerberos Hadoop
using the Kerberos user's name and password.

I have searched around and only found that
1) one can log in a user from the ticket cache (this is the default one), or
2) log in a user from this user's keytab file, e.g.
 UserGroupInformation.loginUserFromKeytabAndReturnUGI("sochen",
"/tmp/sochen.keytab");

Can you shed some light on how I can log in a user using his Kerberos
password and get a UserGroupInformation object so I can invoke
doAs(....) to access the HDFS file system?

Thanks a lot!

Sophia

Re: How to login a user with password to Kerberos Hadoop instead of ticket cache or key tab file ?

Posted by Xiaohua Chen <xi...@gmail.com>.
Larry,

Thanks and you have a nice day!

Best regards,

Sophia

On Mon, Oct 6, 2014 at 12:08 PM, Larry McCay <lm...@hortonworks.com> wrote:
> Well, it seems to be committed to branch-2 - so I assume it will make it
> into the next 2.x release.
>
>
> On Mon, Oct 6, 2014 at 2:51 PM, Xiaohua Chen <xi...@gmail.com> wrote:
>>
>> Hi Larry,
>>
>> Thanks! This is the very right approach I am looking for.  Currently
>> I am using Hadoop 2.3.0 , seems this API
>> UserGroupInformation.getUGIFromSubject(subject) is only available from
>> Hadoop 3.0.0 , which seems is not released yet. So when can I expect
>> to get the downloadable for Hadoop 3.0.0 ?
>>
>> Thank you very much and best regards!
>>
>> Sophia
>>
>>
>>
>> On Mon, Oct 6, 2014 at 10:57 AM, Larry McCay <lm...@hortonworks.com>
>> wrote:
>> > You may find this approach interesting.
>> > https://issues.apache.org/jira/browse/HADOOP-10342
>> >
>> > The idea is that you preauthenticate using JAAS/krb5 or something in your
>> > application and then leverage the resulting java Subject to assert the
>> > authenticated identity.
>> >
>> > On Mon, Oct 6, 2014 at 1:51 PM, Xiaohua Chen <xi...@gmail.com>
>> > wrote:
>> >>
>> >> Hi Experts,
>> >>
>> >> We have a use case which needs to login user into Kerberos hadoop
>> >> using the kerberos user's name and password.
>> >>
>> >> I have searched around and only found that
>> >> 1) one can login a user  from ticket cache ( this is the default one)  or
>> >> 2) login a user from this user's keytab file e.g.
>> >>  UserGroupInformation.loginUserFromKeytabAndReturnUGI("sochen",
>> >> "/tmp/sochen.keytab"));
>> >>
>> >> Can you shed some light how I can login a user using his kerberos
>> >> password and get a UserGroupInformation object so I can invoke
>> >> doAs(....) to access the HDFS file system ?
>> >>
>> >> Thanks a lot!
>> >>
>> >> Sophia
>> >
>> >
>> >
>> > CONFIDENTIALITY NOTICE
>> > NOTICE: This message is intended for the use of the individual or entity to
>> > which it is addressed and may contain information that is confidential,
>> > privileged and exempt from disclosure under applicable law. If the reader of
>> > this message is not the intended recipient, you are hereby notified that any
>> > printing, copying, dissemination, distribution, disclosure or forwarding of
>> > this communication is strictly prohibited. If you have received this
>> > communication in error, please contact the sender immediately and delete it
>> > from your system. Thank You.

Re: How to login a user with password to Kerberos Hadoop instead of ticket cache or key tab file ?

Posted by Larry McCay <lm...@hortonworks.com>.
Well, it seems to be committed to branch-2 - so I assume it will make it
into the next 2.x release.


On Mon, Oct 6, 2014 at 2:51 PM, Xiaohua Chen <xi...@gmail.com> wrote:

> Hi Larry,
>
> Thanks! This is the very right approach I am looking for.  Currently
> I am using Hadoop 2.3.0 , seems this API
> UserGroupInformation.getUGIFromSubject(subject) is only available from
> Hadoop 3.0.0 , which seems is not released yet. So when can I expect
> to get the downloadable for Hadoop 3.0.0 ?
>
> Thank you very much and best regards!
>
> Sophia
>
>
>
> On Mon, Oct 6, 2014 at 10:57 AM, Larry McCay <lm...@hortonworks.com>
> wrote:
> > You may find this approach interesting.
> > https://issues.apache.org/jira/browse/HADOOP-10342
> >
> > The idea is that you preauthenticate using JAAS/krb5 or something in your
> > application and then leverage the resulting java Subject to assert the
> > authenticated identity.
> >
> > On Mon, Oct 6, 2014 at 1:51 PM, Xiaohua Chen <xi...@gmail.com> wrote:
> >>
> >> Hi Experts,
> >>
> >> We have a use case which needs to login user into Kerberos hadoop
> >> using the kerberos user's name and password.
> >>
> >> I have searched around and only found that
> >> 1) one can login a user  from ticket cache ( this is the default one)  or
> >> 2) login a user from this user's keytab file e.g.
> >>  UserGroupInformation.loginUserFromKeytabAndReturnUGI("sochen",
> >> "/tmp/sochen.keytab"));
> >>
> >> Can you shed some light how I can login a user using his kerberos
> >> password and get a UserGroupInformation object so I can invoke
> >> doAs(....) to access the HDFS file system ?
> >>
> >> Thanks a lot!
> >>
> >> Sophia


Re: How to login a user with password to Kerberos Hadoop instead of ticket cache or key tab file ?

Posted by Xiaohua Chen <xi...@gmail.com>.
Hi Larry,

Thanks! This is exactly the approach I am looking for. Currently
I am using Hadoop 2.3.0; it seems this API
UserGroupInformation.getUGIFromSubject(subject) is only available from
Hadoop 3.0.0, which seems not to be released yet. So when can I expect
to get the download for Hadoop 3.0.0?

Thank you very much and best regards!

Sophia



On Mon, Oct 6, 2014 at 10:57 AM, Larry McCay <lm...@hortonworks.com> wrote:
> You may find this approach interesting.
> https://issues.apache.org/jira/browse/HADOOP-10342
>
> The idea is that you preauthenticate using JAAS/krb5 or something in your
> application and then leverage the resulting java Subject to assert the
> authenticated identity.
>
> On Mon, Oct 6, 2014 at 1:51 PM, Xiaohua Chen <xi...@gmail.com> wrote:
>>
>> Hi Experts,
>>
>> We have a use case which needs to login user into Kerberos hadoop
>> using the kerberos user's name and password.
>>
>> I have searched around and only found that
>> 1) one can login a user  from ticket cache ( this is the default one)  or
>> 2) login a user from this user's keytab file e.g.
>>  UserGroupInformation.loginUserFromKeytabAndReturnUGI("sochen",
>> "/tmp/sochen.keytab"));
>>
>> Can you shed some light how I can login a user using his kerberos
>> password and get a UserGroupInformation object so I can invoke
>> doAs(....) to access the HDFS file system ?
>>
>> Thanks a lot!
>>
>> Sophia
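
The approach discussed in this thread (pre-authenticate with JAAS/krb5 using a name and password, then pass the resulting Subject to UserGroupInformation.getUGIFromSubject and call doAs), as an added example that is not part of the original messages or of Hadoop's own code. It assumes a Hadoop release that includes HADOOP-10342, a krb5.conf that names the realm and KDC, and the cluster's core-site.xml/hdfs-site.xml on the classpath; the class name PasswordKerberosLogin and the JAAS entry name "password-login" are made up for illustration.

```java
import java.io.Console;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;

// Hypothetical class name; added example, not Hadoop project code.
public class PasswordKerberosLogin {

    /** In-memory JAAS config: Krb5LoginModule with ticket cache and keytab both disabled,
     *  so the only credential source is the CallbackHandler. */
    static javax.security.auth.login.Configuration passwordOnlyJaasConfig() {
        final Map<String, String> options = new HashMap<String, String>();
        options.put("useTicketCache", "false");
        options.put("useKeyTab", "false");
        options.put("doNotPrompt", "false"); // allow the module to call our handler
        options.put("storeKey", "false");    // keep only the TGT, not the long-term key
        final AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                options);
        return new javax.security.auth.login.Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    /** Obtains a TGT from the KDC and returns the Subject holding it. */
    static Subject loginWithPassword(final String principal, final char[] password)
            throws LoginException {
        CallbackHandler handler = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(principal);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password); // callback keeps its own copy
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
        LoginContext lc = new LoginContext(
                "password-login", new Subject(), handler, passwordOnlyJaasConfig());
        lc.login(); // throws LoginException on a wrong password or unreachable KDC
        return lc.getSubject();
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (console == null || args.length != 1) {
            System.err.println("usage: run from a terminal with <principal> as the only argument");
            System.exit(2);
        }
        // Read the password without echo and never from argv, env vars or a log-visible source.
        char[] password = console.readPassword("Kerberos password for %s: ", args[0]);
        if (password == null) {
            System.exit(2);
        }
        Subject subject;
        try {
            subject = loginWithPassword(args[0], password);
        } finally {
            Arrays.fill(password, '\0'); // wipe our copy as soon as the login attempt is over
        }

        final Configuration conf = new Configuration();
        conf.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(conf);

        // Wrap the already-authenticated Subject; fails if it holds no KerberosPrincipal.
        UserGroupInformation ugi = UserGroupInformation.getUGIFromSubject(subject);
        ugi.doAs(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                FileSystem fs = FileSystem.get(conf);
                for (FileStatus st : fs.listStatus(new Path("/"))) {
                    System.out.println(st.getPath());
                }
                return null;
            }
        });
    }
}
```

Because no keytab is involved, the credentials in the Subject last only as long as the ticket the KDC issued; a long-running process has to repeat the password login when it expires.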

Re: How to login a user with password to Kerberos Hadoop instead of ticket cache or key tab file ?

Posted by Xiaohua Chen <xi...@gmail.com>.
Hi Larry,

Thanks! This is the very right approach I am looking for.  Currently
I am using Hadoop 2.3.0 , seems this API
UserGroupInformation.getUGIFromSubject(subject) is only available from
Hadoop 3.0.0 , which seems is not released yet. So when can I expect
to get the downloadable for Hadoop 3.0.0 ?

Thank you very much and best regards!

Sophia



On Mon, Oct 6, 2014 at 10:57 AM, Larry McCay <lm...@hortonworks.com> wrote:
> You may find this approach interesting.
> https://issues.apache.org/jira/browse/HADOOP-10342
>
> The idea is that you preauthenticate using JAAS/krb5 or something in your
> application and then leverage the resulting java Subject to assert the
> authenticated identity.
>
> On Mon, Oct 6, 2014 at 1:51 PM, Xiaohua Chen <xi...@gmail.com> wrote:
>>
>> Hi Experts,
>>
>> We have a use case which needs to login user into Kerberos hadoop
>> using the kerberos user's name and password.
>>
>> I have searched around and only found that
>> 1) one can login a user  from ticket cache ( this is the default one)  or
>> 2) login a user from this user's keytab file e.g.
>>  UserGroupInformation.loginUserFromKeytabAndReturnUGI("sochen",
>> "/tmp/sochen.keytab"));
>>
>> Can you shed some light how I can login a user using his kerberos
>> password and get a UserGroupInformation object so I can invoke
>> doAs(....) to access the HDFS file system ?
>>
>> Thanks a lot!
>>
>> Sophia
>
>
>
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader of
> this message is not the intended recipient, you are hereby notified that any
> printing, copying, dissemination, distribution, disclosure or forwarding of
> this communication is strictly prohibited. If you have received this
> communication in error, please contact the sender immediately and delete it
> from your system. Thank You.

Re: How to login a user with password to Kerberos Hadoop instead of ticket cache or key tab file ?

Posted by Xiaohua Chen <xi...@gmail.com>.
Hi Larry,

Thanks! This is the very right approach I am looking for.  Currently
I am using Hadoop 2.3.0 , seems this API
UserGroupInformation.getUGIFromSubject(subject) is only available from
Hadoop 3.0.0 , which seems is not released yet. So when can I expect
to get the downloadable for Hadoop 3.0.0 ?

Thank you very much and best regards!

Sophia



On Mon, Oct 6, 2014 at 10:57 AM, Larry McCay <lm...@hortonworks.com> wrote:
> You may find this approach interesting.
> https://issues.apache.org/jira/browse/HADOOP-10342
>
> The idea is that you preauthenticate using JAAS/krb5 or something in your
> application and then leverage the resulting java Subject to assert the
> authenticated identity.
>
> On Mon, Oct 6, 2014 at 1:51 PM, Xiaohua Chen <xi...@gmail.com> wrote:
>>
>> Hi Experts,
>>
>> We have a use case which needs to login user into Kerberos hadoop
>> using the kerberos user's name and password.
>>
>> I have searched around and only found that
>> 1) one can login a user  from ticket cache ( this is the default one)  or
>> 2) login a user from this user's keytab file e.g.
>>  UserGroupInformation.loginUserFromKeytabAndReturnUGI("sochen",
>> "/tmp/sochen.keytab"));
>>
>> Can you shed some light how I can login a user using his kerberos
>> password and get a UserGroupInformation object so I can invoke
>> doAs(....) to access the HDFS file system ?
>>
>> Thanks a lot!
>>
>> Sophia

Re: How to login a user with password to Kerberos Hadoop instead of ticket cache or key tab file ?

Posted by Larry McCay <lm...@hortonworks.com>.
You may find this approach interesting.
https://issues.apache.org/jira/browse/HADOOP-10342

The idea is that you preauthenticate using JAAS/krb5 or something in your
application and then leverage the resulting Java Subject to assert the
authenticated identity.

On Mon, Oct 6, 2014 at 1:51 PM, Xiaohua Chen <xi...@gmail.com> wrote:

> Hi Experts,
>
> We have a use case which needs to login user into Kerberos hadoop
> using the kerberos user's name and password.
>
> I have searched around and only found that
> 1) one can login a user from ticket cache (this is the default one) or
> 2) login a user from this user's keytab file e.g.
>  UserGroupInformation.loginUserFromKeytabAndReturnUGI("sochen",
> "/tmp/sochen.keytab");
>
> Can you shed some light how I can login a user using his kerberos
> password and get a UserGroupInformation object so I can invoke
> doAs(....) to access the HDFS file system ?
>
> Thanks a lot!
>
> Sophia
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.
