[36555] in Kerberos

Multiple realms

daemon@ATHENA.MIT.EDU (Phatak, Bharath)
Fri Oct 17 11:21:52 2014

From: "Phatak, Bharath" <bharath.phatak@rsa.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Fri, 17 Oct 2014 01:12:14 -0400
Message-ID: <D031A198EB3D0147BCB6FE8F3A2E6F6912F63EFCCF@MX17A.corp.emc.com>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hi All,

Earlier we were using C++ and curl libraries to support Kerberos for Hadoop. Now we need to provide the same with Java.

I am using the following code to interact with Kerberos-enabled Hadoop.

                // Log in from the keytab; this sets the process-wide login user.
                UserGroupInformation.loginUserFromKeytab("hdfs/pivhdsne.rup@NEW.COM", "/root/hdfsNew.keytab");
                System.out.println("Obtained......\n\n\n\n");

                // "configuration" is a Hadoop Configuration object whose setup is not shown in the post.
                URI uri = URI.create("webhdfs://IP:50070");
                FileSystem fs = FileSystem.get(uri, configuration);

                if (fs.mkdirs(new Path("/testKerbhdfsUser"))) {
                    System.out.print("Directory created...");
                }

It is working fine, but when the customer wishes to use multiple realms, my code fails.

With the below conf, code works fine when using NEW.COM but fails if using EXAMPLE.COM.

How can I connect using multiple realms, using the same krb5.conf but different keytabs and different principals?


Krb5.conf
[libdefaults]
default_realm = NEW.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 1d
renew_lifetime = 7d
forwardable = true


[realms]
NEW.COM = {
  kdc = bharath.kdc
  admin_server = bharath.kdc
}
EXAMPLE.COM = {
  kdc = wckdserver.krbnet
  admin_server = wckdserver.krbnet
}


Any help is much appreciated.

Thanks,
Bharath

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
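
Added example, not part of the original post or of the Hadoop project's code: one way to hold a separate Kerberos login per realm in a single JVM, using UserGroupInformation.loginUserFromKeytabAndReturnUGI and doAs instead of replacing the process-wide login user. The EXAMPLE.COM principal, keytab path and NameNode address are placeholders, and the auth_to_local rule is an assumption about what a non-default realm may need; the post does not say how the EXAMPLE.COM login fails.

```java
import java.net.URI;
import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;

public class MultiRealmWebHdfs {

    // Log in one principal from its own keytab and create a directory as that identity.
    static boolean mkdirAs(Configuration conf, String principal, String keytab,
                           String nameNode, String dir) throws Exception {
        // Returns a separate UGI rather than overwriting the static login user,
        // so identities from different realms can coexist in one process.
        UserGroupInformation ugi =
            UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytab);
        return ugi.doAs((PrivilegedExceptionAction<Boolean>) () -> {
            // The FileSystem cache is keyed by UGI, so each identity gets its own client.
            FileSystem fs = FileSystem.get(URI.create(nameNode), conf);
            return fs.mkdirs(new Path(dir));
        });
    }

    public static void main(String[] args) throws Exception {
        Configuration conf = new Configuration();
        conf.set("hadoop.security.authentication", "kerberos");
        // Assumption: the client must map principals outside default_realm to a
        // short name. This rule turns hdfs/<host>@EXAMPLE.COM into "hdfs";
        // DEFAULT keeps handling the default realm (NEW.COM in the posted krb5.conf).
        conf.set("hadoop.security.auth_to_local",
                 "RULE:[2:$1@$0](.*@EXAMPLE\\.COM)s/@.*//\nDEFAULT");
        // Must be called before any login so UGI picks up the settings above.
        UserGroupInformation.setConfiguration(conf);

        // Principal, keytab and URI for NEW.COM are the values from the post.
        boolean a = mkdirAs(conf, "hdfs/pivhdsne.rup@NEW.COM", "/root/hdfsNew.keytab",
                            "webhdfs://IP:50070", "/testKerbhdfsUser");
        // Placeholders: substitute the real EXAMPLE.COM principal, keytab and NameNode.
        boolean b = mkdirAs(conf, "hdfs/HOST@EXAMPLE.COM", "/path/to/example.keytab",
                            "webhdfs://EXAMPLE-NAMENODE:50070", "/testKerbhdfsUser");
        System.out.println("NEW.COM: " + a + ", EXAMPLE.COM: " + b);
    }
}
```

Both realms still have to be listed under [realms] in the single krb5.conf, as they are in the posted file; the keytab and principal are chosen per call.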