Nearly all components in the Hadoop ecosystem require you to perform a
login with your credentials when writing Java code.
The only exception I'm aware of is ZooKeeper which can automatically
perform a login via JAAS.
Supporting automatic login via JAAS would be the best path forward here.
Creating unique side-effects around security credentials in Accumulo is
a bad idea (which is why the method you're referring to on KerberosToken
was marked as Deprecated so that we eventually remove it).
On 10/27/17 12:06 PM, Jorge Machado wrote:
Hi Guys,
I just started developing a Accumulo Client with Kerberos and sasl. It was a
hell to figure out that you need to call yourself
UserGroupInformation.loginfromkeytab(principal,keytab) and then you can call
KerberosToken(principal,keytab) this all because we deprecated the
replaceuser from the ugi. Later on when we get the connector this breaks apart
mainly because for example my keytab is has not the same user as the os account
where I’m developing.
It would be nice to just login the user. What are the are you guys thinking
about this ?
Regards
Jorge
