[
https://issues.apache.org/jira/browse/HADOOP-19060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17818333#comment-17818333
]
ASF GitHub Bot commented on HADOOP-19060:
-----------------------------------------
huangzhaobo99 commented on PR #6516:
URL: https://github.com/apache/hadoop/pull/6516#issuecomment-1951627308
Can anyone help review it? Thanks.
Hi @tasanuma @Hexiaoqiao @zhangshuyan0 @slfan1989,
Please kindly review this PR as well if you have bandwidth, Thanks.
> Support hadoop client authentication through keytab configuration.
> ------------------------------------------------------------------
>
> Key: HADOOP-19060
> URL: https://issues.apache.org/jira/browse/HADOOP-19060
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: huangzhaobo
> Priority: Minor
> Labels: pull-request-available
>
> # Shield references to {{UserGroupInformation}} Class.
> # In the future, we can consider supporting KDC password authentication
> through config file (password authentication may require encryption related
> processing). After password authentication, it can avoid the mutual
> transmission of keytab file.
>
> The current HDFS client keytab authentication code is as follows:
> {code:java}
> Configuration conf = new Configuration();
> conf.addResource(new
> Path("/usr/local/service/hadoop/etc/hadoop/hdfs-site.xml"));
> conf.addResource(new
> Path("/usr/local/service/hadoop/etc/hadoop/core-site.xml"));
> UserGroupInformation.setConfiguration(conf);
> UserGroupInformation.loginUserFromKeytab("foo", "/var/krb5kdc/foo.keytab");
> FileSystem fileSystem = FileSystem.get(conf);
> FileStatus[] fileStatus = fileSystem.listStatus(new Path("/"));
> for (FileStatus status : fileStatus) {
> System.out.println(status.getPath());
> } {code}
> This feature supports configuring keytab information in core-site.xml or hdfs
> site.xml. The authentication code is as follows:
> {code:java}
> Configuration conf = new Configuration();
> conf.addResource(new
> Path("/usr/local/service/hadoop/etc/hadoop/hdfs-site.xml"));
> conf.addResource(new
> Path("/usr/local/service/hadoop/etc/hadoop/core-site.xml"));
> FileSystem fileSystem = FileSystem.get(conf);
> FileStatus[] fileStatus = fileSystem.listStatus(new Path("/"));
> for (FileStatus status : fileStatus) {
> System.out.println(status.getPath());
> } {code}
> The config of core-site.xml related to authentication is as follows:
> {code:java}
> <configuration>
> <property>
> <name>hadoop.security.authentication</name>
> <value>kerberos</value>
> </property>
> <property>
> <name>hadoop.client.keytab.principal</name>
> <value>foo</value>
> </property>
> <property>
> <name>hadoop.client.keytab.file.path</name>
> <value>/var/krb5kdc/foo.keytab</value>
> </property>
> </configuration> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
