You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@hadoop.apache.org by Oh Seok Keun <oh...@gmail.com> on 2012/11/28 09:57:52 UTC
Could I authenticate hadoop manually using kerberos
HI.
I set my hadoop cluster to security enable using kerberos.
Can I login to the hadoop cluster without execute kinit command?
I can't find hadoop api that I use kerberos principal (manually set
username and password) instead cached ticket.
How can I use hadoop api for that.
thanks.
--
-----------------------------
ohsg74@gmail.com
H.P.: 010-2534-6795
------------------------------
Re: Could I authenticate hadoop manually using kerberos
Posted by Oh Seok Keun <oh...@gmail.com>.
Thank you for the advices.
But I can't login.
Here is my code.
How can I login to hadoop cluster with my kerberos principal at remote
server.
# Code
Configuration config = new Configuration();
config.set("fs.default.name", "hdfs://myhadoop:9000");
SecurityUtil.login(config, "/usr/local/myhadoop/files/tester.keytab",
"tester");
FileSystem fs = FileSystem.get(config);
Path path = new Path(fs.getHomeDirectory().toString() + "/aaa");
fs.mkdirs(path);
# Error
12/11/29 18:02:15 ERROR security.UserGroupInformation:
PriviledgedActionException as:bigpack
cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to
find any Kerberos tgt)]
12/11/29 18:02:15 WARN ipc.Client: Exception encountered while connecting
to the server : javax.security.sasl.SaslException: GSS initiate failed
[Caused by GSSException: No valid credentials provided (Mechanism level:
Failed to find any Kerberos tgt)]
12/11/29 18:02:15 ERROR security.UserGroupInformation:
PriviledgedActionException as:bigpack cause:java.io.IOException:
javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to
find any Kerberos tgt)]
thanks.
2012/11/28 Harsh J <ha...@cloudera.com>
> If the cluster is secured, it will demand kerberos credentials. There
> is no way to bypass this requirement (and it wouldn't make sense to
> allow such a thing either).
>
> If you do have a keytab file, and are wishing to automate the login by
> knowing the keytab path, you can use the SecurityUtil.login(…) API:
>
> http://hadoop.apache.org/docs/stable/api/org/apache/hadoop/security/SecurityUtil.html#login(org.apache.hadoop.conf.Configuration,%20java.lang.String,%20java.lang.String)
>
> On Wed, Nov 28, 2012 at 2:27 PM, Oh Seok Keun <oh...@gmail.com> wrote:
> > HI.
> >
> > I set my hadoop cluster to security enable using kerberos.
> > Can I login to the hadoop cluster without execute kinit command?
> > I can't find hadoop api that I use kerberos principal (manually set
> > username and password) instead cached ticket.
> > How can I use hadoop api for that.
> >
> > thanks.
> >
> > --
> > -----------------------------
> > ohsg74@gmail.com
> > H.P.: 010-2534-6795
> > ------------------------------
>
>
>
> --
> Harsh J
>
--
-----------------------------
ohsg74@gmail.com
H.P.: 010-2534-6795
------------------------------
Re: Could I authenticate hadoop manually using kerberos
Posted by Oh Seok Keun <oh...@gmail.com>.
Thank you for the advices.
But I can't login.
Here is my code.
How can I login to hadoop cluster with my kerberos principal at remote
server.
# Code
Configuration config = new Configuration();
config.set("fs.default.name", "hdfs://myhadoop:9000");
SecurityUtil.login(config, "/usr/local/myhadoop/files/tester.keytab",
"tester");
FileSystem fs = FileSystem.get(config);
Path path = new Path(fs.getHomeDirectory().toString() + "/aaa");
fs.mkdirs(path);
# Error
12/11/29 18:02:15 ERROR security.UserGroupInformation:
PriviledgedActionException as:bigpack
cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to
find any Kerberos tgt)]
12/11/29 18:02:15 WARN ipc.Client: Exception encountered while connecting
to the server : javax.security.sasl.SaslException: GSS initiate failed
[Caused by GSSException: No valid credentials provided (Mechanism level:
Failed to find any Kerberos tgt)]
12/11/29 18:02:15 ERROR security.UserGroupInformation:
PriviledgedActionException as:bigpack cause:java.io.IOException:
javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to
find any Kerberos tgt)]
thanks.
2012/11/28 Harsh J <ha...@cloudera.com>
> If the cluster is secured, it will demand kerberos credentials. There
> is no way to bypass this requirement (and it wouldn't make sense to
> allow such a thing either).
>
> If you do have a keytab file, and are wishing to automate the login by
> knowing the keytab path, you can use the SecurityUtil.login(…) API:
>
> http://hadoop.apache.org/docs/stable/api/org/apache/hadoop/security/SecurityUtil.html#login(org.apache.hadoop.conf.Configuration,%20java.lang.String,%20java.lang.String)
>
> On Wed, Nov 28, 2012 at 2:27 PM, Oh Seok Keun <oh...@gmail.com> wrote:
> > HI.
> >
> > I set my hadoop cluster to security enable using kerberos.
> > Can I login to the hadoop cluster without execute kinit command?
> > I can't find hadoop api that I use kerberos principal (manually set
> > username and password) instead cached ticket.
> > How can I use hadoop api for that.
> >
> > thanks.
> >
> > --
> > -----------------------------
> > ohsg74@gmail.com
> > H.P.: 010-2534-6795
> > ------------------------------
>
>
>
> --
> Harsh J
>
--
-----------------------------
ohsg74@gmail.com
H.P.: 010-2534-6795
------------------------------
Re: Could I authenticate hadoop manually using kerberos
Posted by Oh Seok Keun <oh...@gmail.com>.
Thank you for the advices.
But I can't login.
Here is my code.
How can I login to hadoop cluster with my kerberos principal at remote
server.
# Code
Configuration config = new Configuration();
config.set("fs.default.name", "hdfs://myhadoop:9000");
SecurityUtil.login(config, "/usr/local/myhadoop/files/tester.keytab",
"tester");
FileSystem fs = FileSystem.get(config);
Path path = new Path(fs.getHomeDirectory().toString() + "/aaa");
fs.mkdirs(path);
# Error
12/11/29 18:02:15 ERROR security.UserGroupInformation:
PriviledgedActionException as:bigpack
cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to
find any Kerberos tgt)]
12/11/29 18:02:15 WARN ipc.Client: Exception encountered while connecting
to the server : javax.security.sasl.SaslException: GSS initiate failed
[Caused by GSSException: No valid credentials provided (Mechanism level:
Failed to find any Kerberos tgt)]
12/11/29 18:02:15 ERROR security.UserGroupInformation:
PriviledgedActionException as:bigpack cause:java.io.IOException:
javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to
find any Kerberos tgt)]
thanks.
2012/11/28 Harsh J <ha...@cloudera.com>
> If the cluster is secured, it will demand kerberos credentials. There
> is no way to bypass this requirement (and it wouldn't make sense to
> allow such a thing either).
>
> If you do have a keytab file, and are wishing to automate the login by
> knowing the keytab path, you can use the SecurityUtil.login(…) API:
>
> http://hadoop.apache.org/docs/stable/api/org/apache/hadoop/security/SecurityUtil.html#login(org.apache.hadoop.conf.Configuration,%20java.lang.String,%20java.lang.String)
>
> On Wed, Nov 28, 2012 at 2:27 PM, Oh Seok Keun <oh...@gmail.com> wrote:
> > HI.
> >
> > I set my hadoop cluster to security enable using kerberos.
> > Can I login to the hadoop cluster without execute kinit command?
> > I can't find hadoop api that I use kerberos principal (manually set
> > username and password) instead cached ticket.
> > How can I use hadoop api for that.
> >
> > thanks.
> >
> > --
> > -----------------------------
> > ohsg74@gmail.com
> > H.P.: 010-2534-6795
> > ------------------------------
>
>
>
> --
> Harsh J
>
--
-----------------------------
ohsg74@gmail.com
H.P.: 010-2534-6795
------------------------------
Re: Could I authenticate hadoop manually using kerberos
Posted by Oh Seok Keun <oh...@gmail.com>.
Thank you for the advices.
But I can't login.
Here is my code.
How can I login to hadoop cluster with my kerberos principal at remote
server.
# Code
Configuration config = new Configuration();
config.set("fs.default.name", "hdfs://myhadoop:9000");
SecurityUtil.login(config, "/usr/local/myhadoop/files/tester.keytab",
"tester");
FileSystem fs = FileSystem.get(config);
Path path = new Path(fs.getHomeDirectory().toString() + "/aaa");
fs.mkdirs(path);
# Error
12/11/29 18:02:15 ERROR security.UserGroupInformation:
PriviledgedActionException as:bigpack
cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to
find any Kerberos tgt)]
12/11/29 18:02:15 WARN ipc.Client: Exception encountered while connecting
to the server : javax.security.sasl.SaslException: GSS initiate failed
[Caused by GSSException: No valid credentials provided (Mechanism level:
Failed to find any Kerberos tgt)]
12/11/29 18:02:15 ERROR security.UserGroupInformation:
PriviledgedActionException as:bigpack cause:java.io.IOException:
javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to
find any Kerberos tgt)]
thanks.
2012/11/28 Harsh J <ha...@cloudera.com>
> If the cluster is secured, it will demand kerberos credentials. There
> is no way to bypass this requirement (and it wouldn't make sense to
> allow such a thing either).
>
> If you do have a keytab file, and are wishing to automate the login by
> knowing the keytab path, you can use the SecurityUtil.login(…) API:
>
> http://hadoop.apache.org/docs/stable/api/org/apache/hadoop/security/SecurityUtil.html#login(org.apache.hadoop.conf.Configuration,%20java.lang.String,%20java.lang.String)
>
> On Wed, Nov 28, 2012 at 2:27 PM, Oh Seok Keun <oh...@gmail.com> wrote:
> > HI.
> >
> > I set my hadoop cluster to security enable using kerberos.
> > Can I login to the hadoop cluster without execute kinit command?
> > I can't find hadoop api that I use kerberos principal (manually set
> > username and password) instead cached ticket.
> > How can I use hadoop api for that.
> >
> > thanks.
> >
> > --
> > -----------------------------
> > ohsg74@gmail.com
> > H.P.: 010-2534-6795
> > ------------------------------
>
>
>
> --
> Harsh J
>
--
-----------------------------
ohsg74@gmail.com
H.P.: 010-2534-6795
------------------------------
Re: Could I authenticate hadoop manually using kerberos
Posted by Harsh J <ha...@cloudera.com>.
If the cluster is secured, it will demand kerberos credentials. There
is no way to bypass this requirement (and it wouldn't make sense to
allow such a thing either).
If you do have a keytab file, and are wishing to automate the login by
knowing the keytab path, you can use the SecurityUtil.login(…) API:
http://hadoop.apache.org/docs/stable/api/org/apache/hadoop/security/SecurityUtil.html#login(org.apache.hadoop.conf.Configuration,%20java.lang.String,%20java.lang.String)
On Wed, Nov 28, 2012 at 2:27 PM, Oh Seok Keun <oh...@gmail.com> wrote:
> HI.
>
> I set my hadoop cluster to security enable using kerberos.
> Can I login to the hadoop cluster without execute kinit command?
> I can't find hadoop api that I use kerberos principal (manually set
> username and password) instead cached ticket.
> How can I use hadoop api for that.
>
> thanks.
>
> --
> -----------------------------
> ohsg74@gmail.com
> H.P.: 010-2534-6795
> ------------------------------
--
Harsh J
Re: Could I authenticate hadoop manually using kerberos
Posted by Harsh J <ha...@cloudera.com>.
If the cluster is secured, it will demand kerberos credentials. There
is no way to bypass this requirement (and it wouldn't make sense to
allow such a thing either).
If you do have a keytab file, and are wishing to automate the login by
knowing the keytab path, you can use the SecurityUtil.login(…) API:
http://hadoop.apache.org/docs/stable/api/org/apache/hadoop/security/SecurityUtil.html#login(org.apache.hadoop.conf.Configuration,%20java.lang.String,%20java.lang.String)
On Wed, Nov 28, 2012 at 2:27 PM, Oh Seok Keun <oh...@gmail.com> wrote:
> HI.
>
> I set my hadoop cluster to security enable using kerberos.
> Can I login to the hadoop cluster without execute kinit command?
> I can't find hadoop api that I use kerberos principal (manually set
> username and password) instead cached ticket.
> How can I use hadoop api for that.
>
> thanks.
>
> --
> -----------------------------
> ohsg74@gmail.com
> H.P.: 010-2534-6795
> ------------------------------
--
Harsh J
Re: Could I authenticate hadoop manually using kerberos
Posted by Harsh J <ha...@cloudera.com>.
If the cluster is secured, it will demand kerberos credentials. There
is no way to bypass this requirement (and it wouldn't make sense to
allow such a thing either).
If you do have a keytab file, and are wishing to automate the login by
knowing the keytab path, you can use the SecurityUtil.login(…) API:
http://hadoop.apache.org/docs/stable/api/org/apache/hadoop/security/SecurityUtil.html#login(org.apache.hadoop.conf.Configuration,%20java.lang.String,%20java.lang.String)
On Wed, Nov 28, 2012 at 2:27 PM, Oh Seok Keun <oh...@gmail.com> wrote:
> HI.
>
> I set my hadoop cluster to security enable using kerberos.
> Can I login to the hadoop cluster without execute kinit command?
> I can't find hadoop api that I use kerberos principal (manually set
> username and password) instead cached ticket.
> How can I use hadoop api for that.
>
> thanks.
>
> --
> -----------------------------
> ohsg74@gmail.com
> H.P.: 010-2534-6795
> ------------------------------
--
Harsh J
Re: Could I authenticate hadoop manually using kerberos
Posted by Harsh J <ha...@cloudera.com>.
If the cluster is secured, it will demand kerberos credentials. There
is no way to bypass this requirement (and it wouldn't make sense to
allow such a thing either).
If you do have a keytab file, and are wishing to automate the login by
knowing the keytab path, you can use the SecurityUtil.login(…) API:
http://hadoop.apache.org/docs/stable/api/org/apache/hadoop/security/SecurityUtil.html#login(org.apache.hadoop.conf.Configuration,%20java.lang.String,%20java.lang.String)
On Wed, Nov 28, 2012 at 2:27 PM, Oh Seok Keun <oh...@gmail.com> wrote:
> HI.
>
> I set my hadoop cluster to security enable using kerberos.
> Can I login to the hadoop cluster without execute kinit command?
> I can't find hadoop api that I use kerberos principal (manually set
> username and password) instead cached ticket.
> How can I use hadoop api for that.
>
> thanks.
>
> --
> -----------------------------
> ohsg74@gmail.com
> H.P.: 010-2534-6795
> ------------------------------
--
Harsh J