[36563] in Kerberos
RE: Multiple realms
daemon@ATHENA.MIT.EDU (Phatak, Bharath)
Mon Oct 20 13:52:18 2014
From: "Phatak, Bharath" <bharath.phatak@rsa.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Date: Mon, 20 Oct 2014 02:17:25 -0400
Message-ID: <D031A198EB3D0147BCB6FE8F3A2E6F6912F63EFD00@MX17A.corp.emc.com>
In-Reply-To: <alpine.GSO.1.10.1410171218080.27826@multics.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi Ben,
I have java client to connect to Kerberos enabled Hadoop. Client should be able to connect different realms at the same time.
I am using following code to interact with Kerberos enabled Hadoop.
UserGroupInformation.loginUserFromKeytab("hdfs/pivhdsne.rup@NEW.COM","/root/hdfsNew.keytab");
System.out.println("Obtained......\n\n\n\n");
URI uri = URI.create("webhdfs://IP:50070 ");
FileSystem fs = FileSystem.get(uri, configuration);
if (fs.mkdirs(new Path("/testKerbhdfsUser")))
System.out.print("Directory created...");
The API is recognizing only default_realm.
Krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm=NEW.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 1m
renew_lifetime = 7d
forwardable = true
default_ccache_name =FILE:/tmp/hello/tktj0gw2g
[realms]
NEW.COM = {
kdc = bharath.kdc
admin_server = bharath.kdc
}
EXAMPLE.COM = {
kdc = wckdserver.krbnet
admin_server = wckdserver.krbnet
}
[domain_realm]
.example.com = EXAMPLE.COM
.new.com = NEW.COM
pivhdsne.localdomain = EXAMPLE.COM
pivhdsne.rupam = NEW.COM
Thanks,
Bharath
-----Original Message-----
From: Benjamin Kaduk [mailto:kaduk@MIT.EDU]
Sent: Friday, October 17, 2014 9:49 PM
To: Phatak, Bharath
Cc: kerberos@mit.edu
Subject: Re: Multiple realms
I am not sure I fully understand the situation, but are the appropriate [domain_realm] mappings in the krb5.conf?
-Ben Kaduk
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos