Posted to mapreduce-dev@hadoop.apache.org by Rahul Shrivastava <rh...@gmail.com> on 2015/02/23 19:52:42 UTC

MR Code example with Kerberos Authentication

Hi All,

I am new to Hadoop Authentication (Kerberos, Simple Authentication). I
have been doing reading for security aspects of Hadoop at
http://blog.godatadriven.com/kerberos_kdc_install.html and
http://blog.cloudera.com/blog/2012/03/authorization-and-authentication-in-hadoop/.
Can someone provide me a Java code example of a map-reduce program that
uses Kerberos? A writeup that does a walk through of how to set up a
map-reduce program using Kerberos would be helpful. Here I would not need
how to do setup of Kerberos but rather how to set up a map-reduce program
that uses Kerberos.


Sorry if the question has previously been answered.


Thanks

Rahul

Re: MR Code example with Kerberos Authentication

Posted by Rahul Shrivastava <rh...@gmail.com>.
Hi Harsh,

My desire is to understand the Hadoop security model. My desire is to find out
and understand the class/method of the code within Hadoop source control
(which I have downloaded, 2.6) where the client uses principal plus ticket
to get a token, which it finally sends to the Namenode. Please correct me
if I have an incorrect understanding of the process as I am pretty new to
Hadoop security and have been reading various articles on it.

thanks
Rahul




On Mon, Feb 23, 2015 at 11:24 PM, Harsh J <ha...@cloudera.com> wrote:

> The use of kerberos is transparent to job development, unless you have
> long-running application needs.
>
> When properly configured to use security (via the XML files), the
> JobClient/etc. will auto-discover a local kinit-done login to make use
> of it for authentication.
>
> Counter question therefore is, what is your specific error (or need)
> that leads you to look for a different approach?
>
> That said, if you are looking at performing a keytab login (rather
> than using the local kinit cache) from within your application, you
> could use JAAS or rely on SecurityUtil#login(…) API:
> https://hadoop.apache.org/docs/stable1/api/org/apache/hadoop/security/SecurityUtil.html#login(org.apache.hadoop.conf.Configuration, java.lang.String, java.lang.String)
>
> --
> Harsh J
>

Re: MR Code example with Kerberos Authentication

Posted by Harsh J <ha...@cloudera.com>.
The use of kerberos is transparent to job development, unless you have
long-running application needs.

When properly configured to use security (via the XML files), the
JobClient/etc. will auto-discover a local kinit-done login to make use
of it for authentication.

Counter question therefore is, what is your specific error (or need)
that leads you to look for a different approach?

That said, if you are looking at performing a keytab login (rather
than using the local kinit cache) from within your application, you
could use JAAS or rely on SecurityUtil#login(…) API:
https://hadoop.apache.org/docs/stable1/api/org/apache/hadoop/security/SecurityUtil.html#login(org.apache.hadoop.conf.Configuration, java.lang.String, java.lang.String)

-- 
Harsh J
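
The keytab login described in the reply above, as an added example (not code from this thread or from the Hadoop project): a MapReduce driver that logs in through SecurityUtil.login() before submitting an identity job. It assumes the Hadoop 2.x client libraries and the secured cluster's XML configuration are on the classpath; the class name and the two "example.job.*" configuration keys are hypothetical, chosen only for this sketch.

```java
import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.mapreduce.Job;
import org.apache.hadoop.mapreduce.lib.input.FileInputFormat;
import org.apache.hadoop.mapreduce.lib.output.FileOutputFormat;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;

public class KeytabLoginDriver {
    // Hypothetical configuration keys, made up for this example only.
    static final String KEYTAB_KEY = "example.job.keytab.file";
    static final String PRINCIPAL_KEY = "example.job.kerberos.principal";

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: KeytabLoginDriver <keytab> <principal> <in> <out>");
            System.exit(2);
        }
        // Loads core-site.xml and friends from the classpath; that is where
        // hadoop.security.authentication=kerberos is expected to be set.
        Configuration conf = new Configuration();
        conf.set(KEYTAB_KEY, args[0]);
        conf.set(PRINCIPAL_KEY, args[1]); // "_HOST" is replaced with the local hostname
        UserGroupInformation.setConfiguration(conf);

        // SecurityUtil.login() returns without doing anything when security is
        // disabled, so fail closed instead of silently running unauthenticated.
        if (!UserGroupInformation.isSecurityEnabled()) {
            throw new IOException("Configuration is not in secure (Kerberos) mode");
        }
        // Reads the keytab path and principal from the two keys and performs
        // the keytab login; throws IOException if the login fails.
        SecurityUtil.login(conf, KEYTAB_KEY, PRINCIPAL_KEY);
        System.out.println("Logged in as "
                + UserGroupInformation.getLoginUser().getUserName());

        // From here on the job code is the same as on an insecure cluster.
        // No mapper or reducer is set, so Hadoop's identity defaults are used.
        Job job = Job.getInstance(conf, "keytab-login-example");
        job.setJarByClass(KeytabLoginDriver.class);
        FileInputFormat.addInputPath(job, new Path(args[2]));
        FileOutputFormat.setOutputPath(job, new Path(args[3]));
        System.exit(job.waitForCompletion(true) ? 0 : 1);
    }
}
```

The keytab holds long-term key material for the principal, so it should be readable only by the account that runs the driver.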