what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Xiaohua Chen <xi...@gmail.com>]

Hi Experts,

I am new to Hadoop.  I would like to get some help from you:

Our current HDFS java client works fine with hadoop server which has
NO Kerberos security enabled. We use HDFS lib e.g.
org.apache.hadoop.fs.*.

 Now we need to change it to work with Kerberosed Hadoop server.  Can
you let me know what changes are needed ?

Thanks and regards,

Sophie

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Chris Nauroth <cn...@hortonworks.com>]

I'm not sure if this directly answers your question, but you might try
taking a look at issue HADOOP-9671 and the various issues that are linked
to it:

https://issues.apache.org/jira/browse/HADOOP-9671

Chris Nauroth
Hortonworks
http://hortonworks.com/



On Thu, Jul 17, 2014 at 4:30 PM, Xiaohua Chen <xi...@gmail.com>
wrote:

> Thanks Chris for the very helpful reply.  Now I understand the
> preferred way is to use kinit.
>
> Do you mind to share: what is the road map for Hadoop authentication
> in the near future ?  Specifically I understand the latest released
> hadoop supports Kerberos protocol for authentication, do you know if
> hadoop has any plan to support other authenticators in the foreseeable
> future?
>
> Thanks and regards!
>
> Sophie
>
>
> On Thu, Jul 17, 2014 at 4:14 PM, Chris Nauroth <cn...@hortonworks.com>
> wrote:
> > Hi Sophie,
> >
> > Yes, you could authenticate via SecurityUtil#login, which is a
> convenience
> > wrapper over UserGroupInformation#loginUserFromKeytab.  This is
> essentially
> > what daemons like the NameNode do.  However, you might find that it's
> best
> > overall to get kinit deployed to your client machines.  For example, the
> CLI
> > commands like "hdfs dfs -ls" aren't coded to do an explicit login like
> this,
> > so you'll really need kinit available if users on the client machines
> want
> > to use the CLI.
> >
> > Chris Nauroth
> > Hortonworks
> > http://hortonworks.com/
> >
> >
> >
> > On Thu, Jul 17, 2014 at 2:45 PM, Xiaohua Chen <xi...@gmail.com>
> > wrote:
> >>
> >> Hi Chris,
> >>
> >> Thank you very much for your reply.
> >>
> >> One more question:
> >> I come across org.apache.hadoop.security.SecurityUtil
> >>
> >> class(
> http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html
> )
> >>  and it provides a couple of login methods e.g. login(Configuration
> >> conf, String keytabFileKey, String userNameKey) .   So if Kerberos
> >> kinit utility is not available from client workstation where our java
> >> client is deployed , do you think the above SecurityUtil.login(...)
> >> can help our application code to authenticate the user defined through
> >> the userNameKey argument  and its credential is provided through
> >> keyTab file ?
> >>
> >> Thanks again your help!
> >>
> >> Best Regards,
> >>
> >> Sophie
> >>
> >>
> >>
> >> On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
> >> <cn...@hortonworks.com> wrote:
> >> > Hello Sophie,
> >> >
> >> > If you're using the HDFS lib like you said (i.e. obtaining an instance
> >> > of
> >> > FileSystem and using its methods), then I expect your code will "just
> >> > work"
> >> > with no code changes required when you start running against a secure
> >> > cluster.  The work of switching to a secured deployment with Kerberos
> is
> >> > mostly a matter of configuration:
> >> >
> >> >
> >> >
> http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
> >> >
> >> > This configuration is external to application code.
> >> >
> >> > Chris Nauroth
> >> > Hortonworks
> >> > http://hortonworks.com/
> >> >
> >> >
> >> >
> >> > On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xiaohua.chen@gmail.com
> >
> >> > wrote:
> >> >>
> >> >> Hi Experts,
> >> >>
> >> >> I am new to Hadoop.  I would like to get some help from you:
> >> >>
> >> >> Our current HDFS java client works fine with hadoop server which has
> >> >> NO Kerberos security enabled. We use HDFS lib e.g.
> >> >> org.apache.hadoop.fs.*.
> >> >>
> >> >>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> >> >> you let me know what changes are needed ?
> >> >>
> >> >> Thanks and regards,
> >> >>
> >> >> Sophie
> >> >
> >> >
> >> >
> >> > CONFIDENTIALITY NOTICE
> >> > NOTICE: This message is intended for the use of the individual or
> entity
> >> > to
> >> > which it is addressed and may contain information that is
> confidential,
> >> > privileged and exempt from disclosure under applicable law. If the
> >> > reader of
> >> > this message is not the intended recipient, you are hereby notified
> that
> >> > any
> >> > printing, copying, dissemination, distribution, disclosure or
> forwarding
> >> > of
> >> > this communication is strictly prohibited. If you have received this
> >> > communication in error, please contact the sender immediately and
> delete
> >> > it
> >> > from your system. Thank You.
> >
> >
> >
> > CONFIDENTIALITY NOTICE
> > NOTICE: This message is intended for the use of the individual or entity
> to
> > which it is addressed and may contain information that is confidential,
> > privileged and exempt from disclosure under applicable law. If the
> reader of
> > this message is not the intended recipient, you are hereby notified that
> any
> > printing, copying, dissemination, distribution, disclosure or forwarding
> of
> > this communication is strictly prohibited. If you have received this
> > communication in error, please contact the sender immediately and delete
> it
> > from your system. Thank You.
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Chris Nauroth <cn...@hortonworks.com>]

I'm not sure if this directly answers your question, but you might try
taking a look at issue HADOOP-9671 and the various issues that are linked
to it:

https://issues.apache.org/jira/browse/HADOOP-9671

Chris Nauroth
Hortonworks
http://hortonworks.com/



On Thu, Jul 17, 2014 at 4:30 PM, Xiaohua Chen <xi...@gmail.com>
wrote:

> Thanks Chris for the very helpful reply.  Now I understand the
> preferred way is to use kinit.
>
> Do you mind to share: what is the road map for Hadoop authentication
> in the near future ?  Specifically I understand the latest released
> hadoop supports Kerberos protocol for authentication, do you know if
> hadoop has any plan to support other authenticators in the foreseeable
> future?
>
> Thanks and regards!
>
> Sophie
>
>
> On Thu, Jul 17, 2014 at 4:14 PM, Chris Nauroth <cn...@hortonworks.com>
> wrote:
> > Hi Sophie,
> >
> > Yes, you could authenticate via SecurityUtil#login, which is a
> convenience
> > wrapper over UserGroupInformation#loginUserFromKeytab.  This is
> essentially
> > what daemons like the NameNode do.  However, you might find that it's
> best
> > overall to get kinit deployed to your client machines.  For example, the
> CLI
> > commands like "hdfs dfs -ls" aren't coded to do an explicit login like
> this,
> > so you'll really need kinit available if users on the client machines
> want
> > to use the CLI.
> >
> > Chris Nauroth
> > Hortonworks
> > http://hortonworks.com/
> >
> >
> >
> > On Thu, Jul 17, 2014 at 2:45 PM, Xiaohua Chen <xi...@gmail.com>
> > wrote:
> >>
> >> Hi Chris,
> >>
> >> Thank you very much for your reply.
> >>
> >> One more question:
> >> I come across org.apache.hadoop.security.SecurityUtil
> >>
> >> class(
> http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html
> )
> >>  and it provides a couple of login methods e.g. login(Configuration
> >> conf, String keytabFileKey, String userNameKey) .   So if Kerberos
> >> kinit utility is not available from client workstation where our java
> >> client is deployed , do you think the above SecurityUtil.login(...)
> >> can help our application code to authenticate the user defined through
> >> the userNameKey argument  and its credential is provided through
> >> keyTab file ?
> >>
> >> Thanks again your help!
> >>
> >> Best Regards,
> >>
> >> Sophie
> >>
> >>
> >>
> >> On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
> >> <cn...@hortonworks.com> wrote:
> >> > Hello Sophie,
> >> >
> >> > If you're using the HDFS lib like you said (i.e. obtaining an instance
> >> > of
> >> > FileSystem and using its methods), then I expect your code will "just
> >> > work"
> >> > with no code changes required when you start running against a secure
> >> > cluster.  The work of switching to a secured deployment with Kerberos
> is
> >> > mostly a matter of configuration:
> >> >
> >> >
> >> >
> http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
> >> >
> >> > This configuration is external to application code.
> >> >
> >> > Chris Nauroth
> >> > Hortonworks
> >> > http://hortonworks.com/
> >> >
> >> >
> >> >
> >> > On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xiaohua.chen@gmail.com
> >
> >> > wrote:
> >> >>
> >> >> Hi Experts,
> >> >>
> >> >> I am new to Hadoop.  I would like to get some help from you:
> >> >>
> >> >> Our current HDFS java client works fine with hadoop server which has
> >> >> NO Kerberos security enabled. We use HDFS lib e.g.
> >> >> org.apache.hadoop.fs.*.
> >> >>
> >> >>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> >> >> you let me know what changes are needed ?
> >> >>
> >> >> Thanks and regards,
> >> >>
> >> >> Sophie
> >> >
> >> >
> >> >
> >> > CONFIDENTIALITY NOTICE
> >> > NOTICE: This message is intended for the use of the individual or
> entity
> >> > to
> >> > which it is addressed and may contain information that is
> confidential,
> >> > privileged and exempt from disclosure under applicable law. If the
> >> > reader of
> >> > this message is not the intended recipient, you are hereby notified
> that
> >> > any
> >> > printing, copying, dissemination, distribution, disclosure or
> forwarding
> >> > of
> >> > this communication is strictly prohibited. If you have received this
> >> > communication in error, please contact the sender immediately and
> delete
> >> > it
> >> > from your system. Thank You.
> >
> >
> >
> > CONFIDENTIALITY NOTICE
> > NOTICE: This message is intended for the use of the individual or entity
> to
> > which it is addressed and may contain information that is confidential,
> > privileged and exempt from disclosure under applicable law. If the
> reader of
> > this message is not the intended recipient, you are hereby notified that
> any
> > printing, copying, dissemination, distribution, disclosure or forwarding
> of
> > this communication is strictly prohibited. If you have received this
> > communication in error, please contact the sender immediately and delete
> it
> > from your system. Thank You.
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Chris Nauroth <cn...@hortonworks.com>]

I'm not sure if this directly answers your question, but you might try
taking a look at issue HADOOP-9671 and the various issues that are linked
to it:

https://issues.apache.org/jira/browse/HADOOP-9671

Chris Nauroth
Hortonworks
http://hortonworks.com/



On Thu, Jul 17, 2014 at 4:30 PM, Xiaohua Chen <xi...@gmail.com>
wrote:

> Thanks Chris for the very helpful reply.  Now I understand the
> preferred way is to use kinit.
>
> Do you mind to share: what is the road map for Hadoop authentication
> in the near future ?  Specifically I understand the latest released
> hadoop supports Kerberos protocol for authentication, do you know if
> hadoop has any plan to support other authenticators in the foreseeable
> future?
>
> Thanks and regards!
>
> Sophie
>
>
> On Thu, Jul 17, 2014 at 4:14 PM, Chris Nauroth <cn...@hortonworks.com>
> wrote:
> > Hi Sophie,
> >
> > Yes, you could authenticate via SecurityUtil#login, which is a
> convenience
> > wrapper over UserGroupInformation#loginUserFromKeytab.  This is
> essentially
> > what daemons like the NameNode do.  However, you might find that it's
> best
> > overall to get kinit deployed to your client machines.  For example, the
> CLI
> > commands like "hdfs dfs -ls" aren't coded to do an explicit login like
> this,
> > so you'll really need kinit available if users on the client machines
> want
> > to use the CLI.
> >
> > Chris Nauroth
> > Hortonworks
> > http://hortonworks.com/
> >
> >
> >
> > On Thu, Jul 17, 2014 at 2:45 PM, Xiaohua Chen <xi...@gmail.com>
> > wrote:
> >>
> >> Hi Chris,
> >>
> >> Thank you very much for your reply.
> >>
> >> One more question:
> >> I come across org.apache.hadoop.security.SecurityUtil
> >>
> >> class(
> http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html
> )
> >>  and it provides a couple of login methods e.g. login(Configuration
> >> conf, String keytabFileKey, String userNameKey) .   So if Kerberos
> >> kinit utility is not available from client workstation where our java
> >> client is deployed , do you think the above SecurityUtil.login(...)
> >> can help our application code to authenticate the user defined through
> >> the userNameKey argument  and its credential is provided through
> >> keyTab file ?
> >>
> >> Thanks again your help!
> >>
> >> Best Regards,
> >>
> >> Sophie
> >>
> >>
> >>
> >> On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
> >> <cn...@hortonworks.com> wrote:
> >> > Hello Sophie,
> >> >
> >> > If you're using the HDFS lib like you said (i.e. obtaining an instance
> >> > of
> >> > FileSystem and using its methods), then I expect your code will "just
> >> > work"
> >> > with no code changes required when you start running against a secure
> >> > cluster.  The work of switching to a secured deployment with Kerberos
> is
> >> > mostly a matter of configuration:
> >> >
> >> >
> >> >
> http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
> >> >
> >> > This configuration is external to application code.
> >> >
> >> > Chris Nauroth
> >> > Hortonworks
> >> > http://hortonworks.com/
> >> >
> >> >
> >> >
> >> > On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xiaohua.chen@gmail.com
> >
> >> > wrote:
> >> >>
> >> >> Hi Experts,
> >> >>
> >> >> I am new to Hadoop.  I would like to get some help from you:
> >> >>
> >> >> Our current HDFS java client works fine with hadoop server which has
> >> >> NO Kerberos security enabled. We use HDFS lib e.g.
> >> >> org.apache.hadoop.fs.*.
> >> >>
> >> >>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> >> >> you let me know what changes are needed ?
> >> >>
> >> >> Thanks and regards,
> >> >>
> >> >> Sophie
> >> >
> >> >
> >> >
> >> > CONFIDENTIALITY NOTICE
> >> > NOTICE: This message is intended for the use of the individual or
> entity
> >> > to
> >> > which it is addressed and may contain information that is
> confidential,
> >> > privileged and exempt from disclosure under applicable law. If the
> >> > reader of
> >> > this message is not the intended recipient, you are hereby notified
> that
> >> > any
> >> > printing, copying, dissemination, distribution, disclosure or
> forwarding
> >> > of
> >> > this communication is strictly prohibited. If you have received this
> >> > communication in error, please contact the sender immediately and
> delete
> >> > it
> >> > from your system. Thank You.
> >
> >
> >
> > CONFIDENTIALITY NOTICE
> > NOTICE: This message is intended for the use of the individual or entity
> to
> > which it is addressed and may contain information that is confidential,
> > privileged and exempt from disclosure under applicable law. If the
> reader of
> > this message is not the intended recipient, you are hereby notified that
> any
> > printing, copying, dissemination, distribution, disclosure or forwarding
> of
> > this communication is strictly prohibited. If you have received this
> > communication in error, please contact the sender immediately and delete
> it
> > from your system. Thank You.
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Chris Nauroth <cn...@hortonworks.com>]

I'm not sure if this directly answers your question, but you might try
taking a look at issue HADOOP-9671 and the various issues that are linked
to it:

https://issues.apache.org/jira/browse/HADOOP-9671

Chris Nauroth
Hortonworks
http://hortonworks.com/



On Thu, Jul 17, 2014 at 4:30 PM, Xiaohua Chen <xi...@gmail.com>
wrote:

> Thanks Chris for the very helpful reply.  Now I understand the
> preferred way is to use kinit.
>
> Do you mind to share: what is the road map for Hadoop authentication
> in the near future ?  Specifically I understand the latest released
> hadoop supports Kerberos protocol for authentication, do you know if
> hadoop has any plan to support other authenticators in the foreseeable
> future?
>
> Thanks and regards!
>
> Sophie
>
>
> On Thu, Jul 17, 2014 at 4:14 PM, Chris Nauroth <cn...@hortonworks.com>
> wrote:
> > Hi Sophie,
> >
> > Yes, you could authenticate via SecurityUtil#login, which is a
> convenience
> > wrapper over UserGroupInformation#loginUserFromKeytab.  This is
> essentially
> > what daemons like the NameNode do.  However, you might find that it's
> best
> > overall to get kinit deployed to your client machines.  For example, the
> CLI
> > commands like "hdfs dfs -ls" aren't coded to do an explicit login like
> this,
> > so you'll really need kinit available if users on the client machines
> want
> > to use the CLI.
> >
> > Chris Nauroth
> > Hortonworks
> > http://hortonworks.com/
> >
> >
> >
> > On Thu, Jul 17, 2014 at 2:45 PM, Xiaohua Chen <xi...@gmail.com>
> > wrote:
> >>
> >> Hi Chris,
> >>
> >> Thank you very much for your reply.
> >>
> >> One more question:
> >> I come across org.apache.hadoop.security.SecurityUtil
> >>
> >> class(
> http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html
> )
> >>  and it provides a couple of login methods e.g. login(Configuration
> >> conf, String keytabFileKey, String userNameKey) .   So if Kerberos
> >> kinit utility is not available from client workstation where our java
> >> client is deployed , do you think the above SecurityUtil.login(...)
> >> can help our application code to authenticate the user defined through
> >> the userNameKey argument  and its credential is provided through
> >> keyTab file ?
> >>
> >> Thanks again your help!
> >>
> >> Best Regards,
> >>
> >> Sophie
> >>
> >>
> >>
> >> On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
> >> <cn...@hortonworks.com> wrote:
> >> > Hello Sophie,
> >> >
> >> > If you're using the HDFS lib like you said (i.e. obtaining an instance
> >> > of
> >> > FileSystem and using its methods), then I expect your code will "just
> >> > work"
> >> > with no code changes required when you start running against a secure
> >> > cluster.  The work of switching to a secured deployment with Kerberos
> is
> >> > mostly a matter of configuration:
> >> >
> >> >
> >> >
> http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
> >> >
> >> > This configuration is external to application code.
> >> >
> >> > Chris Nauroth
> >> > Hortonworks
> >> > http://hortonworks.com/
> >> >
> >> >
> >> >
> >> > On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xiaohua.chen@gmail.com
> >
> >> > wrote:
> >> >>
> >> >> Hi Experts,
> >> >>
> >> >> I am new to Hadoop.  I would like to get some help from you:
> >> >>
> >> >> Our current HDFS java client works fine with hadoop server which has
> >> >> NO Kerberos security enabled. We use HDFS lib e.g.
> >> >> org.apache.hadoop.fs.*.
> >> >>
> >> >>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> >> >> you let me know what changes are needed ?
> >> >>
> >> >> Thanks and regards,
> >> >>
> >> >> Sophie
> >> >
> >> >
> >> >
> >> > CONFIDENTIALITY NOTICE
> >> > NOTICE: This message is intended for the use of the individual or
> entity
> >> > to
> >> > which it is addressed and may contain information that is
> confidential,
> >> > privileged and exempt from disclosure under applicable law. If the
> >> > reader of
> >> > this message is not the intended recipient, you are hereby notified
> that
> >> > any
> >> > printing, copying, dissemination, distribution, disclosure or
> forwarding
> >> > of
> >> > this communication is strictly prohibited. If you have received this
> >> > communication in error, please contact the sender immediately and
> delete
> >> > it
> >> > from your system. Thank You.
> >
> >
> >
> > CONFIDENTIALITY NOTICE
> > NOTICE: This message is intended for the use of the individual or entity
> to
> > which it is addressed and may contain information that is confidential,
> > privileged and exempt from disclosure under applicable law. If the
> reader of
> > this message is not the intended recipient, you are hereby notified that
> any
> > printing, copying, dissemination, distribution, disclosure or forwarding
> of
> > this communication is strictly prohibited. If you have received this
> > communication in error, please contact the sender immediately and delete
> it
> > from your system. Thank You.
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Xiaohua Chen <xi...@gmail.com>]

Thanks Chris for the very helpful reply.  Now I understand the
preferred way is to use kinit.

Do you mind to share: what is the road map for Hadoop authentication
in the near future ?  Specifically I understand the latest released
hadoop supports Kerberos protocol for authentication, do you know if
hadoop has any plan to support other authenticators in the foreseeable
future?

Thanks and regards!

Sophie


On Thu, Jul 17, 2014 at 4:14 PM, Chris Nauroth <cn...@hortonworks.com> wrote:
> Hi Sophie,
>
> Yes, you could authenticate via SecurityUtil#login, which is a convenience
> wrapper over UserGroupInformation#loginUserFromKeytab.  This is essentially
> what daemons like the NameNode do.  However, you might find that it's best
> overall to get kinit deployed to your client machines.  For example, the CLI
> commands like "hdfs dfs -ls" aren't coded to do an explicit login like this,
> so you'll really need kinit available if users on the client machines want
> to use the CLI.
>
> Chris Nauroth
> Hortonworks
> http://hortonworks.com/
>
>
>
> On Thu, Jul 17, 2014 at 2:45 PM, Xiaohua Chen <xi...@gmail.com>
> wrote:
>>
>> Hi Chris,
>>
>> Thank you very much for your reply.
>>
>> One more question:
>> I come across org.apache.hadoop.security.SecurityUtil
>>
>> class(http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html)
>>  and it provides a couple of login methods e.g. login(Configuration
>> conf, String keytabFileKey, String userNameKey) .   So if Kerberos
>> kinit utility is not available from client workstation where our java
>> client is deployed , do you think the above SecurityUtil.login(...)
>> can help our application code to authenticate the user defined through
>> the userNameKey argument  and its credential is provided through
>> keyTab file ?
>>
>> Thanks again your help!
>>
>> Best Regards,
>>
>> Sophie
>>
>>
>>
>> On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
>> <cn...@hortonworks.com> wrote:
>> > Hello Sophie,
>> >
>> > If you're using the HDFS lib like you said (i.e. obtaining an instance
>> > of
>> > FileSystem and using its methods), then I expect your code will "just
>> > work"
>> > with no code changes required when you start running against a secure
>> > cluster.  The work of switching to a secured deployment with Kerberos is
>> > mostly a matter of configuration:
>> >
>> >
>> > http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
>> >
>> > This configuration is external to application code.
>> >
>> > Chris Nauroth
>> > Hortonworks
>> > http://hortonworks.com/
>> >
>> >
>> >
>> > On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
>> > wrote:
>> >>
>> >> Hi Experts,
>> >>
>> >> I am new to Hadoop.  I would like to get some help from you:
>> >>
>> >> Our current HDFS java client works fine with hadoop server which has
>> >> NO Kerberos security enabled. We use HDFS lib e.g.
>> >> org.apache.hadoop.fs.*.
>> >>
>> >>  Now we need to change it to work with Kerberosed Hadoop server.  Can
>> >> you let me know what changes are needed ?
>> >>
>> >> Thanks and regards,
>> >>
>> >> Sophie
>> >
>> >
>> >
>> > CONFIDENTIALITY NOTICE
>> > NOTICE: This message is intended for the use of the individual or entity
>> > to
>> > which it is addressed and may contain information that is confidential,
>> > privileged and exempt from disclosure under applicable law. If the
>> > reader of
>> > this message is not the intended recipient, you are hereby notified that
>> > any
>> > printing, copying, dissemination, distribution, disclosure or forwarding
>> > of
>> > this communication is strictly prohibited. If you have received this
>> > communication in error, please contact the sender immediately and delete
>> > it
>> > from your system. Thank You.
>
>
>
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader of
> this message is not the intended recipient, you are hereby notified that any
> printing, copying, dissemination, distribution, disclosure or forwarding of
> this communication is strictly prohibited. If you have received this
> communication in error, please contact the sender immediately and delete it
> from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Xiaohua Chen <xi...@gmail.com>]

Thanks Chris for the very helpful reply.  Now I understand the
preferred way is to use kinit.

Do you mind to share: what is the road map for Hadoop authentication
in the near future ?  Specifically I understand the latest released
hadoop supports Kerberos protocol for authentication, do you know if
hadoop has any plan to support other authenticators in the foreseeable
future?

Thanks and regards!

Sophie


On Thu, Jul 17, 2014 at 4:14 PM, Chris Nauroth <cn...@hortonworks.com> wrote:
> Hi Sophie,
>
> Yes, you could authenticate via SecurityUtil#login, which is a convenience
> wrapper over UserGroupInformation#loginUserFromKeytab.  This is essentially
> what daemons like the NameNode do.  However, you might find that it's best
> overall to get kinit deployed to your client machines.  For example, the CLI
> commands like "hdfs dfs -ls" aren't coded to do an explicit login like this,
> so you'll really need kinit available if users on the client machines want
> to use the CLI.
>
> Chris Nauroth
> Hortonworks
> http://hortonworks.com/
>
>
>
> On Thu, Jul 17, 2014 at 2:45 PM, Xiaohua Chen <xi...@gmail.com>
> wrote:
>>
>> Hi Chris,
>>
>> Thank you very much for your reply.
>>
>> One more question:
>> I come across org.apache.hadoop.security.SecurityUtil
>>
>> class(http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html)
>>  and it provides a couple of login methods e.g. login(Configuration
>> conf, String keytabFileKey, String userNameKey) .   So if Kerberos
>> kinit utility is not available from client workstation where our java
>> client is deployed , do you think the above SecurityUtil.login(...)
>> can help our application code to authenticate the user defined through
>> the userNameKey argument  and its credential is provided through
>> keyTab file ?
>>
>> Thanks again your help!
>>
>> Best Regards,
>>
>> Sophie
>>
>>
>>
>> On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
>> <cn...@hortonworks.com> wrote:
>> > Hello Sophie,
>> >
>> > If you're using the HDFS lib like you said (i.e. obtaining an instance
>> > of
>> > FileSystem and using its methods), then I expect your code will "just
>> > work"
>> > with no code changes required when you start running against a secure
>> > cluster.  The work of switching to a secured deployment with Kerberos is
>> > mostly a matter of configuration:
>> >
>> >
>> > http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
>> >
>> > This configuration is external to application code.
>> >
>> > Chris Nauroth
>> > Hortonworks
>> > http://hortonworks.com/
>> >
>> >
>> >
>> > On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
>> > wrote:
>> >>
>> >> Hi Experts,
>> >>
>> >> I am new to Hadoop.  I would like to get some help from you:
>> >>
>> >> Our current HDFS java client works fine with hadoop server which has
>> >> NO Kerberos security enabled. We use HDFS lib e.g.
>> >> org.apache.hadoop.fs.*.
>> >>
>> >>  Now we need to change it to work with Kerberosed Hadoop server.  Can
>> >> you let me know what changes are needed ?
>> >>
>> >> Thanks and regards,
>> >>
>> >> Sophie
>> >
>> >
>> >
>> > CONFIDENTIALITY NOTICE
>> > NOTICE: This message is intended for the use of the individual or entity
>> > to
>> > which it is addressed and may contain information that is confidential,
>> > privileged and exempt from disclosure under applicable law. If the
>> > reader of
>> > this message is not the intended recipient, you are hereby notified that
>> > any
>> > printing, copying, dissemination, distribution, disclosure or forwarding
>> > of
>> > this communication is strictly prohibited. If you have received this
>> > communication in error, please contact the sender immediately and delete
>> > it
>> > from your system. Thank You.
>
>
>
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader of
> this message is not the intended recipient, you are hereby notified that any
> printing, copying, dissemination, distribution, disclosure or forwarding of
> this communication is strictly prohibited. If you have received this
> communication in error, please contact the sender immediately and delete it
> from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Xiaohua Chen <xi...@gmail.com>]

Thanks Chris for the very helpful reply.  Now I understand the
preferred way is to use kinit.

Do you mind to share: what is the road map for Hadoop authentication
in the near future ?  Specifically I understand the latest released
hadoop supports Kerberos protocol for authentication, do you know if
hadoop has any plan to support other authenticators in the foreseeable
future?

Thanks and regards!

Sophie


On Thu, Jul 17, 2014 at 4:14 PM, Chris Nauroth <cn...@hortonworks.com> wrote:
> Hi Sophie,
>
> Yes, you could authenticate via SecurityUtil#login, which is a convenience
> wrapper over UserGroupInformation#loginUserFromKeytab.  This is essentially
> what daemons like the NameNode do.  However, you might find that it's best
> overall to get kinit deployed to your client machines.  For example, the CLI
> commands like "hdfs dfs -ls" aren't coded to do an explicit login like this,
> so you'll really need kinit available if users on the client machines want
> to use the CLI.
>
> Chris Nauroth
> Hortonworks
> http://hortonworks.com/
>
>
>
> On Thu, Jul 17, 2014 at 2:45 PM, Xiaohua Chen <xi...@gmail.com>
> wrote:
>>
>> Hi Chris,
>>
>> Thank you very much for your reply.
>>
>> One more question:
>> I come across org.apache.hadoop.security.SecurityUtil
>>
>> class(http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html)
>>  and it provides a couple of login methods e.g. login(Configuration
>> conf, String keytabFileKey, String userNameKey) .   So if Kerberos
>> kinit utility is not available from client workstation where our java
>> client is deployed , do you think the above SecurityUtil.login(...)
>> can help our application code to authenticate the user defined through
>> the userNameKey argument  and its credential is provided through
>> keyTab file ?
>>
>> Thanks again your help!
>>
>> Best Regards,
>>
>> Sophie
>>
>>
>>
>> On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
>> <cn...@hortonworks.com> wrote:
>> > Hello Sophie,
>> >
>> > If you're using the HDFS lib like you said (i.e. obtaining an instance
>> > of
>> > FileSystem and using its methods), then I expect your code will "just
>> > work"
>> > with no code changes required when you start running against a secure
>> > cluster.  The work of switching to a secured deployment with Kerberos is
>> > mostly a matter of configuration:
>> >
>> >
>> > http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
>> >
>> > This configuration is external to application code.
>> >
>> > Chris Nauroth
>> > Hortonworks
>> > http://hortonworks.com/
>> >
>> >
>> >
>> > On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
>> > wrote:
>> >>
>> >> Hi Experts,
>> >>
>> >> I am new to Hadoop.  I would like to get some help from you:
>> >>
>> >> Our current HDFS java client works fine with hadoop server which has
>> >> NO Kerberos security enabled. We use HDFS lib e.g.
>> >> org.apache.hadoop.fs.*.
>> >>
>> >>  Now we need to change it to work with Kerberosed Hadoop server.  Can
>> >> you let me know what changes are needed ?
>> >>
>> >> Thanks and regards,
>> >>
>> >> Sophie
>> >
>> >
>> >
>> > CONFIDENTIALITY NOTICE
>> > NOTICE: This message is intended for the use of the individual or entity
>> > to
>> > which it is addressed and may contain information that is confidential,
>> > privileged and exempt from disclosure under applicable law. If the
>> > reader of
>> > this message is not the intended recipient, you are hereby notified that
>> > any
>> > printing, copying, dissemination, distribution, disclosure or forwarding
>> > of
>> > this communication is strictly prohibited. If you have received this
>> > communication in error, please contact the sender immediately and delete
>> > it
>> > from your system. Thank You.
>
>
>
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader of
> this message is not the intended recipient, you are hereby notified that any
> printing, copying, dissemination, distribution, disclosure or forwarding of
> this communication is strictly prohibited. If you have received this
> communication in error, please contact the sender immediately and delete it
> from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Xiaohua Chen <xi...@gmail.com>]

Thanks Chris for the very helpful reply.  Now I understand the
preferred way is to use kinit.

Do you mind to share: what is the road map for Hadoop authentication
in the near future ?  Specifically I understand the latest released
hadoop supports Kerberos protocol for authentication, do you know if
hadoop has any plan to support other authenticators in the foreseeable
future?

Thanks and regards!

Sophie


On Thu, Jul 17, 2014 at 4:14 PM, Chris Nauroth <cn...@hortonworks.com> wrote:
> Hi Sophie,
>
> Yes, you could authenticate via SecurityUtil#login, which is a convenience
> wrapper over UserGroupInformation#loginUserFromKeytab.  This is essentially
> what daemons like the NameNode do.  However, you might find that it's best
> overall to get kinit deployed to your client machines.  For example, the CLI
> commands like "hdfs dfs -ls" aren't coded to do an explicit login like this,
> so you'll really need kinit available if users on the client machines want
> to use the CLI.
>
> Chris Nauroth
> Hortonworks
> http://hortonworks.com/
>
>
>
> On Thu, Jul 17, 2014 at 2:45 PM, Xiaohua Chen <xi...@gmail.com>
> wrote:
>>
>> Hi Chris,
>>
>> Thank you very much for your reply.
>>
>> One more question:
>> I come across org.apache.hadoop.security.SecurityUtil
>>
>> class(http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html)
>>  and it provides a couple of login methods e.g. login(Configuration
>> conf, String keytabFileKey, String userNameKey) .   So if Kerberos
>> kinit utility is not available from client workstation where our java
>> client is deployed , do you think the above SecurityUtil.login(...)
>> can help our application code to authenticate the user defined through
>> the userNameKey argument  and its credential is provided through
>> keyTab file ?
>>
>> Thanks again your help!
>>
>> Best Regards,
>>
>> Sophie
>>
>>
>>
>> On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
>> <cn...@hortonworks.com> wrote:
>> > Hello Sophie,
>> >
>> > If you're using the HDFS lib like you said (i.e. obtaining an instance
>> > of
>> > FileSystem and using its methods), then I expect your code will "just
>> > work"
>> > with no code changes required when you start running against a secure
>> > cluster.  The work of switching to a secured deployment with Kerberos is
>> > mostly a matter of configuration:
>> >
>> >
>> > http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
>> >
>> > This configuration is external to application code.
>> >
>> > Chris Nauroth
>> > Hortonworks
>> > http://hortonworks.com/
>> >
>> >
>> >
>> > On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
>> > wrote:
>> >>
>> >> Hi Experts,
>> >>
>> >> I am new to Hadoop.  I would like to get some help from you:
>> >>
>> >> Our current HDFS java client works fine with hadoop server which has
>> >> NO Kerberos security enabled. We use HDFS lib e.g.
>> >> org.apache.hadoop.fs.*.
>> >>
>> >>  Now we need to change it to work with Kerberosed Hadoop server.  Can
>> >> you let me know what changes are needed ?
>> >>
>> >> Thanks and regards,
>> >>
>> >> Sophie
>> >
>> >
>> >
>> > CONFIDENTIALITY NOTICE
>> > NOTICE: This message is intended for the use of the individual or entity
>> > to
>> > which it is addressed and may contain information that is confidential,
>> > privileged and exempt from disclosure under applicable law. If the
>> > reader of
>> > this message is not the intended recipient, you are hereby notified that
>> > any
>> > printing, copying, dissemination, distribution, disclosure or forwarding
>> > of
>> > this communication is strictly prohibited. If you have received this
>> > communication in error, please contact the sender immediately and delete
>> > it
>> > from your system. Thank You.
>
>
>
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader of
> this message is not the intended recipient, you are hereby notified that any
> printing, copying, dissemination, distribution, disclosure or forwarding of
> this communication is strictly prohibited. If you have received this
> communication in error, please contact the sender immediately and delete it
> from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Chris Nauroth <cn...@hortonworks.com>]

Hi Sophie,

Yes, you could authenticate via SecurityUtil#login, which is a convenience
wrapper over UserGroupInformation#loginUserFromKeytab.  This is essentially
what daemons like the NameNode do.  However, you might find that it's best
overall to get kinit deployed to your client machines.  For example, the
CLI commands like "hdfs dfs -ls" aren't coded to do an explicit login like
this, so you'll really need kinit available if users on the client machines
want to use the CLI.

Chris Nauroth
Hortonworks
http://hortonworks.com/



On Thu, Jul 17, 2014 at 2:45 PM, Xiaohua Chen <xi...@gmail.com>
wrote:

> Hi Chris,
>
> Thank you very much for your reply.
>
> One more question:
> I come across org.apache.hadoop.security.SecurityUtil
> class(
> http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html
> )
>  and it provides a couple of login methods e.g. login(Configuration
> conf, String keytabFileKey, String userNameKey) .   So if Kerberos
> kinit utility is not available from client workstation where our java
> client is deployed , do you think the above SecurityUtil.login(...)
> can help our application code to authenticate the user defined through
> the userNameKey argument  and its credential is provided through
> keyTab file ?
>
> Thanks again your help!
>
> Best Regards,
>
> Sophie
>
>
>
> On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
> <cn...@hortonworks.com> wrote:
> > Hello Sophie,
> >
> > If you're using the HDFS lib like you said (i.e. obtaining an instance of
> > FileSystem and using its methods), then I expect your code will "just
> work"
> > with no code changes required when you start running against a secure
> > cluster.  The work of switching to a secured deployment with Kerberos is
> > mostly a matter of configuration:
> >
> >
> http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
> >
> > This configuration is external to application code.
> >
> > Chris Nauroth
> > Hortonworks
> > http://hortonworks.com/
> >
> >
> >
> > On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
> > wrote:
> >>
> >> Hi Experts,
> >>
> >> I am new to Hadoop.  I would like to get some help from you:
> >>
> >> Our current HDFS java client works fine with hadoop server which has
> >> NO Kerberos security enabled. We use HDFS lib e.g.
> >> org.apache.hadoop.fs.*.
> >>
> >>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> >> you let me know what changes are needed ?
> >>
> >> Thanks and regards,
> >>
> >> Sophie
> >
> >
> >
> > CONFIDENTIALITY NOTICE
> > NOTICE: This message is intended for the use of the individual or entity
> to
> > which it is addressed and may contain information that is confidential,
> > privileged and exempt from disclosure under applicable law. If the
> reader of
> > this message is not the intended recipient, you are hereby notified that
> any
> > printing, copying, dissemination, distribution, disclosure or forwarding
> of
> > this communication is strictly prohibited. If you have received this
> > communication in error, please contact the sender immediately and delete
> it
> > from your system. Thank You.
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Chris Nauroth <cn...@hortonworks.com>]

Hi Sophie,

Yes, you could authenticate via SecurityUtil#login, which is a convenience
wrapper over UserGroupInformation#loginUserFromKeytab.  This is essentially
what daemons like the NameNode do.  However, you might find that it's best
overall to get kinit deployed to your client machines.  For example, the
CLI commands like "hdfs dfs -ls" aren't coded to do an explicit login like
this, so you'll really need kinit available if users on the client machines
want to use the CLI.

Chris Nauroth
Hortonworks
http://hortonworks.com/



On Thu, Jul 17, 2014 at 2:45 PM, Xiaohua Chen <xi...@gmail.com>
wrote:

> Hi Chris,
>
> Thank you very much for your reply.
>
> One more question:
> I come across org.apache.hadoop.security.SecurityUtil
> class(
> http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html
> )
>  and it provides a couple of login methods e.g. login(Configuration
> conf, String keytabFileKey, String userNameKey) .   So if Kerberos
> kinit utility is not available from client workstation where our java
> client is deployed , do you think the above SecurityUtil.login(...)
> can help our application code to authenticate the user defined through
> the userNameKey argument  and its credential is provided through
> keyTab file ?
>
> Thanks again your help!
>
> Best Regards,
>
> Sophie
>
>
>
> On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
> <cn...@hortonworks.com> wrote:
> > Hello Sophie,
> >
> > If you're using the HDFS lib like you said (i.e. obtaining an instance of
> > FileSystem and using its methods), then I expect your code will "just
> work"
> > with no code changes required when you start running against a secure
> > cluster.  The work of switching to a secured deployment with Kerberos is
> > mostly a matter of configuration:
> >
> >
> http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
> >
> > This configuration is external to application code.
> >
> > Chris Nauroth
> > Hortonworks
> > http://hortonworks.com/
> >
> >
> >
> > On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
> > wrote:
> >>
> >> Hi Experts,
> >>
> >> I am new to Hadoop.  I would like to get some help from you:
> >>
> >> Our current HDFS java client works fine with hadoop server which has
> >> NO Kerberos security enabled. We use HDFS lib e.g.
> >> org.apache.hadoop.fs.*.
> >>
> >>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> >> you let me know what changes are needed ?
> >>
> >> Thanks and regards,
> >>
> >> Sophie
> >
> >
> >
> > CONFIDENTIALITY NOTICE
> > NOTICE: This message is intended for the use of the individual or entity
> to
> > which it is addressed and may contain information that is confidential,
> > privileged and exempt from disclosure under applicable law. If the
> reader of
> > this message is not the intended recipient, you are hereby notified that
> any
> > printing, copying, dissemination, distribution, disclosure or forwarding
> of
> > this communication is strictly prohibited. If you have received this
> > communication in error, please contact the sender immediately and delete
> it
> > from your system. Thank You.
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Chris Nauroth <cn...@hortonworks.com>]

Hi Sophie,

Yes, you could authenticate via SecurityUtil#login, which is a convenience
wrapper over UserGroupInformation#loginUserFromKeytab.  This is essentially
what daemons like the NameNode do.  However, you might find that it's best
overall to get kinit deployed to your client machines.  For example, the
CLI commands like "hdfs dfs -ls" aren't coded to do an explicit login like
this, so you'll really need kinit available if users on the client machines
want to use the CLI.

Chris Nauroth
Hortonworks
http://hortonworks.com/



On Thu, Jul 17, 2014 at 2:45 PM, Xiaohua Chen <xi...@gmail.com>
wrote:

> Hi Chris,
>
> Thank you very much for your reply.
>
> One more question:
> I come across org.apache.hadoop.security.SecurityUtil
> class(
> http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html
> )
>  and it provides a couple of login methods e.g. login(Configuration
> conf, String keytabFileKey, String userNameKey) .   So if Kerberos
> kinit utility is not available from client workstation where our java
> client is deployed , do you think the above SecurityUtil.login(...)
> can help our application code to authenticate the user defined through
> the userNameKey argument  and its credential is provided through
> keyTab file ?
>
> Thanks again your help!
>
> Best Regards,
>
> Sophie
>
>
>
> On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
> <cn...@hortonworks.com> wrote:
> > Hello Sophie,
> >
> > If you're using the HDFS lib like you said (i.e. obtaining an instance of
> > FileSystem and using its methods), then I expect your code will "just
> work"
> > with no code changes required when you start running against a secure
> > cluster.  The work of switching to a secured deployment with Kerberos is
> > mostly a matter of configuration:
> >
> >
> http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
> >
> > This configuration is external to application code.
> >
> > Chris Nauroth
> > Hortonworks
> > http://hortonworks.com/
> >
> >
> >
> > On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
> > wrote:
> >>
> >> Hi Experts,
> >>
> >> I am new to Hadoop.  I would like to get some help from you:
> >>
> >> Our current HDFS java client works fine with hadoop server which has
> >> NO Kerberos security enabled. We use HDFS lib e.g.
> >> org.apache.hadoop.fs.*.
> >>
> >>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> >> you let me know what changes are needed ?
> >>
> >> Thanks and regards,
> >>
> >> Sophie
> >
> >
> >
> > CONFIDENTIALITY NOTICE
> > NOTICE: This message is intended for the use of the individual or entity
> to
> > which it is addressed and may contain information that is confidential,
> > privileged and exempt from disclosure under applicable law. If the
> reader of
> > this message is not the intended recipient, you are hereby notified that
> any
> > printing, copying, dissemination, distribution, disclosure or forwarding
> of
> > this communication is strictly prohibited. If you have received this
> > communication in error, please contact the sender immediately and delete
> it
> > from your system. Thank You.
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Chris Nauroth <cn...@hortonworks.com>]

Hi Sophie,

Yes, you could authenticate via SecurityUtil#login, which is a convenience
wrapper over UserGroupInformation#loginUserFromKeytab.  This is essentially
what daemons like the NameNode do.  However, you might find that it's best
overall to get kinit deployed to your client machines.  For example, the
CLI commands like "hdfs dfs -ls" aren't coded to do an explicit login like
this, so you'll really need kinit available if users on the client machines
want to use the CLI.

Chris Nauroth
Hortonworks
http://hortonworks.com/



On Thu, Jul 17, 2014 at 2:45 PM, Xiaohua Chen <xi...@gmail.com>
wrote:

> Hi Chris,
>
> Thank you very much for your reply.
>
> One more question:
> I come across org.apache.hadoop.security.SecurityUtil
> class(
> http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html
> )
>  and it provides a couple of login methods e.g. login(Configuration
> conf, String keytabFileKey, String userNameKey) .   So if Kerberos
> kinit utility is not available from client workstation where our java
> client is deployed , do you think the above SecurityUtil.login(...)
> can help our application code to authenticate the user defined through
> the userNameKey argument  and its credential is provided through
> keyTab file ?
>
> Thanks again your help!
>
> Best Regards,
>
> Sophie
>
>
>
> On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
> <cn...@hortonworks.com> wrote:
> > Hello Sophie,
> >
> > If you're using the HDFS lib like you said (i.e. obtaining an instance of
> > FileSystem and using its methods), then I expect your code will "just
> work"
> > with no code changes required when you start running against a secure
> > cluster.  The work of switching to a secured deployment with Kerberos is
> > mostly a matter of configuration:
> >
> >
> http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
> >
> > This configuration is external to application code.
> >
> > Chris Nauroth
> > Hortonworks
> > http://hortonworks.com/
> >
> >
> >
> > On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
> > wrote:
> >>
> >> Hi Experts,
> >>
> >> I am new to Hadoop.  I would like to get some help from you:
> >>
> >> Our current HDFS java client works fine with hadoop server which has
> >> NO Kerberos security enabled. We use HDFS lib e.g.
> >> org.apache.hadoop.fs.*.
> >>
> >>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> >> you let me know what changes are needed ?
> >>
> >> Thanks and regards,
> >>
> >> Sophie
> >
> >
> >
> > CONFIDENTIALITY NOTICE
> > NOTICE: This message is intended for the use of the individual or entity
> to
> > which it is addressed and may contain information that is confidential,
> > privileged and exempt from disclosure under applicable law. If the
> reader of
> > this message is not the intended recipient, you are hereby notified that
> any
> > printing, copying, dissemination, distribution, disclosure or forwarding
> of
> > this communication is strictly prohibited. If you have received this
> > communication in error, please contact the sender immediately and delete
> it
> > from your system. Thank You.
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Xiaohua Chen <xi...@gmail.com>]

Hi Chris,

Thank you very much for your reply.

One more question:
I come across org.apache.hadoop.security.SecurityUtil
class(http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html)
 and it provides a couple of login methods e.g. login(Configuration
conf, String keytabFileKey, String userNameKey) .   So if Kerberos
kinit utility is not available from client workstation where our java
client is deployed , do you think the above SecurityUtil.login(...)
can help our application code to authenticate the user defined through
the userNameKey argument  and its credential is provided through
keyTab file ?

Thanks again your help!

Best Regards,

Sophie



On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
<cn...@hortonworks.com> wrote:
> Hello Sophie,
>
> If you're using the HDFS lib like you said (i.e. obtaining an instance of
> FileSystem and using its methods), then I expect your code will "just work"
> with no code changes required when you start running against a secure
> cluster.  The work of switching to a secured deployment with Kerberos is
> mostly a matter of configuration:
>
> http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
>
> This configuration is external to application code.
>
> Chris Nauroth
> Hortonworks
> http://hortonworks.com/
>
>
>
> On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
> wrote:
>>
>> Hi Experts,
>>
>> I am new to Hadoop.  I would like to get some help from you:
>>
>> Our current HDFS java client works fine with hadoop server which has
>> NO Kerberos security enabled. We use HDFS lib e.g.
>> org.apache.hadoop.fs.*.
>>
>>  Now we need to change it to work with Kerberosed Hadoop server.  Can
>> you let me know what changes are needed ?
>>
>> Thanks and regards,
>>
>> Sophie
>
>
>
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader of
> this message is not the intended recipient, you are hereby notified that any
> printing, copying, dissemination, distribution, disclosure or forwarding of
> this communication is strictly prohibited. If you have received this
> communication in error, please contact the sender immediately and delete it
> from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Xiaohua Chen <xi...@gmail.com>]

Hi Chris,

Thank you very much for your reply.

One more question:
I come across org.apache.hadoop.security.SecurityUtil
class(http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html)
 and it provides a couple of login methods e.g. login(Configuration
conf, String keytabFileKey, String userNameKey) .   So if Kerberos
kinit utility is not available from client workstation where our java
client is deployed , do you think the above SecurityUtil.login(...)
can help our application code to authenticate the user defined through
the userNameKey argument  and its credential is provided through
keyTab file ?

Thanks again your help!

Best Regards,

Sophie



On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
<cn...@hortonworks.com> wrote:
> Hello Sophie,
>
> If you're using the HDFS lib like you said (i.e. obtaining an instance of
> FileSystem and using its methods), then I expect your code will "just work"
> with no code changes required when you start running against a secure
> cluster.  The work of switching to a secured deployment with Kerberos is
> mostly a matter of configuration:
>
> http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
>
> This configuration is external to application code.
>
> Chris Nauroth
> Hortonworks
> http://hortonworks.com/
>
>
>
> On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
> wrote:
>>
>> Hi Experts,
>>
>> I am new to Hadoop.  I would like to get some help from you:
>>
>> Our current HDFS java client works fine with hadoop server which has
>> NO Kerberos security enabled. We use HDFS lib e.g.
>> org.apache.hadoop.fs.*.
>>
>>  Now we need to change it to work with Kerberosed Hadoop server.  Can
>> you let me know what changes are needed ?
>>
>> Thanks and regards,
>>
>> Sophie
>
>
>
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader of
> this message is not the intended recipient, you are hereby notified that any
> printing, copying, dissemination, distribution, disclosure or forwarding of
> this communication is strictly prohibited. If you have received this
> communication in error, please contact the sender immediately and delete it
> from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Xiaohua Chen <xi...@gmail.com>]

Hi Chris,

Thank you very much for your reply.

One more question:
I come across org.apache.hadoop.security.SecurityUtil
class(http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html)
 and it provides a couple of login methods e.g. login(Configuration
conf, String keytabFileKey, String userNameKey) .   So if Kerberos
kinit utility is not available from client workstation where our java
client is deployed , do you think the above SecurityUtil.login(...)
can help our application code to authenticate the user defined through
the userNameKey argument  and its credential is provided through
keyTab file ?

Thanks again your help!

Best Regards,

Sophie



On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
<cn...@hortonworks.com> wrote:
> Hello Sophie,
>
> If you're using the HDFS lib like you said (i.e. obtaining an instance of
> FileSystem and using its methods), then I expect your code will "just work"
> with no code changes required when you start running against a secure
> cluster.  The work of switching to a secured deployment with Kerberos is
> mostly a matter of configuration:
>
> http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
>
> This configuration is external to application code.
>
> Chris Nauroth
> Hortonworks
> http://hortonworks.com/
>
>
>
> On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
> wrote:
>>
>> Hi Experts,
>>
>> I am new to Hadoop.  I would like to get some help from you:
>>
>> Our current HDFS java client works fine with hadoop server which has
>> NO Kerberos security enabled. We use HDFS lib e.g.
>> org.apache.hadoop.fs.*.
>>
>>  Now we need to change it to work with Kerberosed Hadoop server.  Can
>> you let me know what changes are needed ?
>>
>> Thanks and regards,
>>
>> Sophie
>
>
>
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader of
> this message is not the intended recipient, you are hereby notified that any
> printing, copying, dissemination, distribution, disclosure or forwarding of
> this communication is strictly prohibited. If you have received this
> communication in error, please contact the sender immediately and delete it
> from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Xiaohua Chen <xi...@gmail.com>]

Hi Chris,

Thank you very much for your reply.

One more question:
I come across org.apache.hadoop.security.SecurityUtil
class(http://hadoop.apache.org/docs/stable1/api/index.html?org/apache/hadoop/security/SecurityUtil.html)
 and it provides a couple of login methods e.g. login(Configuration
conf, String keytabFileKey, String userNameKey) .   So if Kerberos
kinit utility is not available from client workstation where our java
client is deployed , do you think the above SecurityUtil.login(...)
can help our application code to authenticate the user defined through
the userNameKey argument  and its credential is provided through
keyTab file ?

Thanks again your help!

Best Regards,

Sophie



On Thu, Jul 17, 2014 at 10:42 AM, Chris Nauroth
<cn...@hortonworks.com> wrote:
> Hello Sophie,
>
> If you're using the HDFS lib like you said (i.e. obtaining an instance of
> FileSystem and using its methods), then I expect your code will "just work"
> with no code changes required when you start running against a secure
> cluster.  The work of switching to a secured deployment with Kerberos is
> mostly a matter of configuration:
>
> http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html
>
> This configuration is external to application code.
>
> Chris Nauroth
> Hortonworks
> http://hortonworks.com/
>
>
>
> On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
> wrote:
>>
>> Hi Experts,
>>
>> I am new to Hadoop.  I would like to get some help from you:
>>
>> Our current HDFS java client works fine with hadoop server which has
>> NO Kerberos security enabled. We use HDFS lib e.g.
>> org.apache.hadoop.fs.*.
>>
>>  Now we need to change it to work with Kerberosed Hadoop server.  Can
>> you let me know what changes are needed ?
>>
>> Thanks and regards,
>>
>> Sophie
>
>
>
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader of
> this message is not the intended recipient, you are hereby notified that any
> printing, copying, dissemination, distribution, disclosure or forwarding of
> this communication is strictly prohibited. If you have received this
> communication in error, please contact the sender immediately and delete it
> from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Chris Nauroth <cn...@hortonworks.com>]

Hello Sophie,

If you're using the HDFS lib like you said (i.e. obtaining an instance of
FileSystem and using its methods), then I expect your code will "just work"
with no code changes required when you start running against a secure
cluster.  The work of switching to a secured deployment with Kerberos is
mostly a matter of configuration:

http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html

This configuration is external to application code.

Chris Nauroth
Hortonworks
http://hortonworks.com/



On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
wrote:

> Hi Experts,
>
> I am new to Hadoop.  I would like to get some help from you:
>
> Our current HDFS java client works fine with hadoop server which has
> NO Kerberos security enabled. We use HDFS lib e.g.
> org.apache.hadoop.fs.*.
>
>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> you let me know what changes are needed ?
>
> Thanks and regards,
>
> Sophie
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[John Glynn <jg...@gmail.com>]

Unsubscribe
On Jul 16, 2014 5:00 PM, "Xiaohua Chen" <xi...@gmail.com> wrote:

> Hi Experts,
>
> I am new to Hadoop.  I would like to get some help from you:
>
> Our current HDFS java client works fine with hadoop server which has
> NO Kerberos security enabled. We use HDFS lib e.g.
> org.apache.hadoop.fs.*.
>
>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> you let me know what changes are needed ?
>
> Thanks and regards,
>
> Sophie
>

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Chris Nauroth <cn...@hortonworks.com>]

Hello Sophie,

If you're using the HDFS lib like you said (i.e. obtaining an instance of
FileSystem and using its methods), then I expect your code will "just work"
with no code changes required when you start running against a secure
cluster.  The work of switching to a secured deployment with Kerberos is
mostly a matter of configuration:

http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html

This configuration is external to application code.

Chris Nauroth
Hortonworks
http://hortonworks.com/



On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
wrote:

> Hi Experts,
>
> I am new to Hadoop.  I would like to get some help from you:
>
> Our current HDFS java client works fine with hadoop server which has
> NO Kerberos security enabled. We use HDFS lib e.g.
> org.apache.hadoop.fs.*.
>
>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> you let me know what changes are needed ?
>
> Thanks and regards,
>
> Sophie
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Chris Nauroth <cn...@hortonworks.com>]

Hello Sophie,

If you're using the HDFS lib like you said (i.e. obtaining an instance of
FileSystem and using its methods), then I expect your code will "just work"
with no code changes required when you start running against a secure
cluster.  The work of switching to a secured deployment with Kerberos is
mostly a matter of configuration:

http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html

This configuration is external to application code.

Chris Nauroth
Hortonworks
http://hortonworks.com/



On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
wrote:

> Hi Experts,
>
> I am new to Hadoop.  I would like to get some help from you:
>
> Our current HDFS java client works fine with hadoop server which has
> NO Kerberos security enabled. We use HDFS lib e.g.
> org.apache.hadoop.fs.*.
>
>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> you let me know what changes are needed ?
>
> Thanks and regards,
>
> Sophie
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[Chris Nauroth <cn...@hortonworks.com>]

Hello Sophie,

If you're using the HDFS lib like you said (i.e. obtaining an instance of
FileSystem and using its methods), then I expect your code will "just work"
with no code changes required when you start running against a secure
cluster.  The work of switching to a secured deployment with Kerberos is
mostly a matter of configuration:

http://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/SecureMode.html

This configuration is external to application code.

Chris Nauroth
Hortonworks
http://hortonworks.com/



On Wed, Jul 16, 2014 at 2:00 PM, Xiaohua Chen <xi...@gmail.com>
wrote:

> Hi Experts,
>
> I am new to Hadoop.  I would like to get some help from you:
>
> Our current HDFS java client works fine with hadoop server which has
> NO Kerberos security enabled. We use HDFS lib e.g.
> org.apache.hadoop.fs.*.
>
>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> you let me know what changes are needed ?
>
> Thanks and regards,
>
> Sophie
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[John Glynn <jg...@gmail.com>]

Unsubscribe
On Jul 16, 2014 5:00 PM, "Xiaohua Chen" <xi...@gmail.com> wrote:

> Hi Experts,
>
> I am new to Hadoop.  I would like to get some help from you:
>
> Our current HDFS java client works fine with hadoop server which has
> NO Kerberos security enabled. We use HDFS lib e.g.
> org.apache.hadoop.fs.*.
>
>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> you let me know what changes are needed ?
>
> Thanks and regards,
>
> Sophie
>

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[John Glynn <jg...@gmail.com>]

Unsubscribe
On Jul 16, 2014 5:00 PM, "Xiaohua Chen" <xi...@gmail.com> wrote:

> Hi Experts,
>
> I am new to Hadoop.  I would like to get some help from you:
>
> Our current HDFS java client works fine with hadoop server which has
> NO Kerberos security enabled. We use HDFS lib e.g.
> org.apache.hadoop.fs.*.
>
>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> you let me know what changes are needed ?
>
> Thanks and regards,
>
> Sophie
>

Re: what changes needed for existing HDFS java client in order to work with kerberosed hadoop server ?

[John Glynn <jg...@gmail.com>]

Unsubscribe
On Jul 16, 2014 5:00 PM, "Xiaohua Chen" <xi...@gmail.com> wrote:

> Hi Experts,
>
> I am new to Hadoop.  I would like to get some help from you:
>
> Our current HDFS java client works fine with hadoop server which has
> NO Kerberos security enabled. We use HDFS lib e.g.
> org.apache.hadoop.fs.*.
>
>  Now we need to change it to work with Kerberosed Hadoop server.  Can
> you let me know what changes are needed ?
>
> Thanks and regards,
>
> Sophie
>