there's one more thing to note -when working with a linux kerberos cluster, you must have the export crypto package installed, else you get to see the useful error message "No valid credentials provided (Mechanism level: Illegal key size)]"
I don't know if miniKDC works with smaller key lengths, so avoids this problem On 17 April 2014 16:37, Alejandro Abdelnur <t...@cloudera.com> wrote: > minikdc can be run from the commandline to do exactly that, as args you > give dir where it will create the krb5conf file, a list of principals to > have, a keytab with all those princs will be created in the dir, distribute > the krb5.conf and the keytabfile to you clients. config the cluents to pick > up the krb5.conf, you are done. > > thx > > Alejandro > (phone typing) > > > On Apr 17, 2014, at 8:28, Jay Vyas <jayunit...@gmail.com> wrote: > > > > ah .. thats nice to know. so ... are there other lightweight kerberos > > implementations that we can use on a real cluster to get started with > > kerberos authentication without having to install a whole kdc > environment? > > > > > > On Thu, Apr 17, 2014 at 11:15 AM, Alejandro Abdelnur <t...@cloudera.com > >wrote: > > > >> or you can use hadoop-minikdc, it is a java kdc base on apacheds, and > >> doesnt require any os level setup. there are some tests in hadoop rhat > >> already use it. > >> > >> thx > >> > >> Alejandro > >> (phone typing) > >> > >>>> On Apr 17, 2014, at 5:44, Steve Loughran <ste...@hortonworks.com> > wrote: > >>>> > >>>> On 16 April 2014 23:42, Mohammad Islam <misla...@yahoo.com> wrote: > >>>> > >>>> Hi, > >>>> I tried to run a test case using this command from my Linux box: > >>>> mvn clean test -PtestKerberos -Dtest=TestJHSSecurity > >>>> > >>>> And I got the following exception. I know it is related to setup the > >>>> principal and other kerberos settings. > >>>> > >>>> Can someone please help me about this? such as what is the mvn > command > >>>> and what other settings are required? > >>> > >>> > >>> > >>> it'll need the kerberos credentials used to talk to the cluster, which > >> you > >>> pick up client side via kinit ; the Java code will pick them up. > >>> > >>> > >>> > >>>> Do I need to run my own KDC or provide own keytab? > >>> you will need your own KDC, this is easy enough to set up on Linux > -even > >> in > >>> a VM- and you can certainly use Linux or OSX as test boxes. > >>> > >>> -- > >>> CONFIDENTIALITY NOTICE > >>> NOTICE: This message is intended for the use of the individual or > entity > >> to > >>> which it is addressed and may contain information that is confidential, > >>> privileged and exempt from disclosure under applicable law. If the > reader > >>> of this message is not the intended recipient, you are hereby notified > >> that > >>> any printing, copying, dissemination, distribution, disclosure or > >>> forwarding of this communication is strictly prohibited. If you have > >>> received this communication in error, please contact the sender > >> immediately > >>> and delete it from your system. Thank You. > > > > > > > > -- > > Jay Vyas > > http://jayunit100.blogspot.com > -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
