[
https://issues.apache.org/jira/browse/HADOOP-19060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
huangzhaobo updated HADOOP-19060:
---------------------------------
Description:
# Shield references to {{UserGroupInformation}} Class for easier access.
# In the future, we can consider supporting KDC password authentication
through config file (password authentication may require encryption related
processing). After password authentication, it can avoid the mutual
transmission of keytab file.
The current HDFS client keytab authentication code is as follows:
{code:java}
Configuration conf = new Configuration();
conf.addResource(new
Path("/usr/local/service/hadoop/etc/hadoop/hdfs-site.xml"));
conf.addResource(new
Path("/usr/local/service/hadoop/etc/hadoop/core-site.xml"));
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab("foo", "/var/krb5kdc/foo.keytab");
FileSystem fileSystem = FileSystem.get(conf);
FileStatus[] fileStatus = fileSystem.listStatus(new Path("/"));
for (FileStatus status : fileStatus) {
System.out.println(status.getPath());
} {code}
This feature supports configuring keytab information in core-site.xml or hdfs
site.xml. The authentication code is as follows:
{code:java}
Configuration conf = new Configuration();
conf.addResource(new
Path("/usr/local/service/hadoop/etc/hadoop/hdfs-site.xml"));
conf.addResource(new
Path("/usr/local/service/hadoop/etc/hadoop/core-site.xml"));
FileSystem fileSystem = FileSystem.get(conf);
FileStatus[] fileStatus = fileSystem.listStatus(new Path("/"));
for (FileStatus status : fileStatus) {
System.out.println(status.getPath());
} {code}
The config of core-site.xml related to authentication is as follows:
{code:java}
<configuration>
<property>
<name>hadoop.security.authentication</name>
<value>kerberos</value>
</property>
<property>
<name>hadoop.client.keytab.principal</name>
<value>foo</value>
</property>
<property>
<name>hadoop.client.keytab.file.path</name>
<value>/var/krb5kdc/foo.keytab</value>
</property>
</configuration> {code}
was:
The current HDFS client keytab authentication code is as follows:
{code:java}
Configuration conf = new Configuration();
conf.addResource(new
Path("/usr/local/service/hadoop/etc/hadoop/hdfs-site.xml"));
conf.addResource(new
Path("/usr/local/service/hadoop/etc/hadoop/core-site.xml"));
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab("foo", "/var/krb5kdc/foo.keytab");
FileSystem fileSystem = FileSystem.get(conf);
FileStatus[] fileStatus = fileSystem.listStatus(new Path("/"));
for (FileStatus status : fileStatus) {
System.out.println(status.getPath());
} {code}
This feature supports configuring keytab information in core-site.xml or hdfs
site.xml. The authentication code is as follows:
{code:java}
Configuration conf = new Configuration();
conf.addResource(new
Path("/usr/local/service/hadoop/etc/hadoop/hdfs-site.xml"));
conf.addResource(new
Path("/usr/local/service/hadoop/etc/hadoop/core-site.xml"));
FileSystem fileSystem = FileSystem.get(conf);
FileStatus[] fileStatus = fileSystem.listStatus(new Path("/"));
for (FileStatus status : fileStatus) {
System.out.println(status.getPath());
} {code}
The config of core-site.xml related to authentication is as follows:
{code:java}
<configuration>
<property>
<name>hadoop.security.authentication</name>
<value>kerberos</value>
</property>
<property>
<name>hadoop.client.keytab.principal</name>
<value>foo</value>
</property>
<property>
<name>hadoop.client.keytab.file.path</name>
<value>/var/krb5kdc/foo.keytab</value>
</property>
</configuration> {code}
> Support hadoop client authentication through keytab configuration.
> ------------------------------------------------------------------
>
> Key: HADOOP-19060
> URL: https://issues.apache.org/jira/browse/HADOOP-19060
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: huangzhaobo
> Priority: Minor
> Labels: pull-request-available
>
> # Shield references to {{UserGroupInformation}} Class for easier access.
> # In the future, we can consider supporting KDC password authentication
> through config file (password authentication may require encryption related
> processing). After password authentication, it can avoid the mutual
> transmission of keytab file.
>
> The current HDFS client keytab authentication code is as follows:
> {code:java}
> Configuration conf = new Configuration();
> conf.addResource(new
> Path("/usr/local/service/hadoop/etc/hadoop/hdfs-site.xml"));
> conf.addResource(new
> Path("/usr/local/service/hadoop/etc/hadoop/core-site.xml"));
> UserGroupInformation.setConfiguration(conf);
> UserGroupInformation.loginUserFromKeytab("foo", "/var/krb5kdc/foo.keytab");
> FileSystem fileSystem = FileSystem.get(conf);
> FileStatus[] fileStatus = fileSystem.listStatus(new Path("/"));
> for (FileStatus status : fileStatus) {
> System.out.println(status.getPath());
> } {code}
> This feature supports configuring keytab information in core-site.xml or hdfs
> site.xml. The authentication code is as follows:
> {code:java}
> Configuration conf = new Configuration();
> conf.addResource(new
> Path("/usr/local/service/hadoop/etc/hadoop/hdfs-site.xml"));
> conf.addResource(new
> Path("/usr/local/service/hadoop/etc/hadoop/core-site.xml"));
> FileSystem fileSystem = FileSystem.get(conf);
> FileStatus[] fileStatus = fileSystem.listStatus(new Path("/"));
> for (FileStatus status : fileStatus) {
> System.out.println(status.getPath());
> } {code}
> The config of core-site.xml related to authentication is as follows:
> {code:java}
> <configuration>
> <property>
> <name>hadoop.security.authentication</name>
> <value>kerberos</value>
> </property>
> <property>
> <name>hadoop.client.keytab.principal</name>
> <value>foo</value>
> </property>
> <property>
> <name>hadoop.client.keytab.file.path</name>
> <value>/var/krb5kdc/foo.keytab</value>
> </property>
> </configuration> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
