Posted to common-dev@hadoop.apache.org by Raghavendra Nandagopal <as...@gmail.com> on 2014/06/19 02:17:07 UTC
Renewable Ticket using Keytab through JAAS API
Hi,
Checking if you had come across the same problem while implementing
security in Hadoop, specifically auto ticket renewal.
I am using a keytab file with the below JAAS configuration.
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab = true
useTicketCache = true
keyTab="xyz.keytab"
storeKey=true
principal="user/xyz.com"
The configuration works only if kinit is called beforehand and the
ticket is present in the cache. I am checking a condition for a renewable
ticket using the JAAS API and it works.
Now if I modify the JAAS configuration not to use the ticket cache, i.e., by
setting useTicketCache = false, then logging in without calling kinit and just
using the keytab fails to set the renewable flag, although I am able to
get the ticket authenticated from Kerberos using the JAAS API. Below is
the JAAS configuration.
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab = true
useTicketCache = false
keyTab="xyz.keytab"
storeKey=true
principal="user/xyz.com"
Please let me know how we can use a keytab in the JAAS API, bypassing the kinit
command, so that the renewable ticket flag is set.
Thanks,
Raghav