[
https://issues.apache.org/jira/browse/SQOOP-499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13419634#comment-13419634
]
sachin pawar commented on SQOOP-499:
------------------------------------
Kathleen,
I am trying a simple sqoop client code from remote machine on kerberos enabled
hadoop.
System.setProperty( "java.security.krb5.realm", "<realm.name>");
System.setProperty( "java.security.krb5.kdc", "<kdchost>");
String sqoopArgs[] = new String[]
{
"-D", "fs.default.name=hdfs://<hadoophost>:8020/",
"-D", "mapred.job.tracker=<hadoophost>:8021",
"-D", "hadoop.security.authentication=kerberos",
"-D",
"mapreduce.jobtracker.kerberos.principal=mapred/<host-domain>",
"-D",
"dfs.namenode.kerberos.principal=hdfs/<host-domain>",
"--connect",
"jdbc:sqlserver://<dbhost>:1433;databaseName=SqoopTestDB",
"--username", "sa",
"--password", "sa",
"--table", "bizunit",
};
// ====================================
ImportTool iTool = new ImportTool();
Sqoop sqoop = new Sqoop(iTool);
try {
System.out.println("Started....");
ToolRunner.run(sqoop, sqoopArgs);
System.out.println("=======DONE==========");
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
when I debuged this code with sqoop source i found that
ImportJobBase.runImport() creates a new Job instance
with passed in configuration. At this point the configuration matches to what I
set in the code.
during the initialization the execution reaches UserGroupInformation
getLoginUser()method.
then it does following
/**
* A method to initialize the fields that depend on a configuration.
* Must be called before useKerberos or groups is used.
*/
private static synchronized void ensureInitialized() {
if (!isInitialized) {
initialize(new Configuration());
}
}
here initialize is called using a new empty configuration and not using the
configuration I set.
due to this the UserGroupInformation instance returned is always sets to Simple
authentication mode
ignoring my setting for kerberos mode.
with above configuration when I call following
UserGroupInformation.setConfiguration(kconf);
UserGroupInformation ugi =
UserGroupInformation.loginUserFromKeytabAndReturnUGI(<principal>,
"<keytablocation>");
I get ugi with kerberos auth settings.
but this does not happen to the ugi that sqoop generate.
thanks sachin
> Implement kerberos support for client shell
> -------------------------------------------
>
> Key: SQOOP-499
> URL: https://issues.apache.org/jira/browse/SQOOP-499
> Project: Sqoop
> Issue Type: Task
> Reporter: Arvind Prabhakar
> Fix For: 2.0.0
>
>
> The client shell should be able to identify the user principal from the
> active kerberos session.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
