Yep, that will be great. On Mon, Jul 18, 2016 at 8:41 PM, Brandon Allbery <ballb...@sinenomine.net> wrote:
> While I can’t give you details, it sounds like you want to change the web > application to use SPNEGO to do Kerberos authentication with a user; this > gives you a credential that you can then use to authenticate to Hadoop. > > > > *From: *Aneela Saleem <ane...@platalytics.com> > *Date: *Monday, July 18, 2016 at 11:13 > *To: *Brandon Allbery <ballb...@sinenomine.net> > *Cc: *"kerberos@mit.edu" <kerberos@mit.edu> > *Subject: *Re: Login usecase > > > > Thanks Brandon for your response. > > Actually, My use-case is that I have a web application that authenticates > a user. Then user calls my backend services written in java to interact > with hadoop cluster. My hadoop cluster is kerberos-enabled. I need to > authenticate this user using my java code. I am able to login using keytab > files, but i did not get someway to login using password. For logging in > using keytab files, we need to place keytab files for all the system users > on all the hosts from where we can access our hadoop cluster. So this is > the main drawback. And as you say logging using keytab files is not > appropriate then how can we achieve this objective? > > Thanks > > > > On Mon, Jul 18, 2016 at 7:45 PM, Brandon Allbery <ballb...@sinenomine.net> > wrote: > > You are going to have to describe what you are trying to do in more > detail. Keytabs are not normally used for this purpose, except in the case > of automated procedures (e.g. cron) that need to log in to a service as if > they are a user. Perhaps you have confused keytabs (“passwords” on disk) > with ccaches (ephemeral service credentials, which may or may not be on > disk and typically expire in a relatively short time)? > > > On 7/17/16, 16:04, "kerberos-boun...@mit.edu on behalf of Aneela Saleem" < > kerberos-boun...@mit.edu on behalf of ane...@platalytics.com> wrote: > > Hi all, > > If a user logs into any kerberized Application, using Krb5LoginModule, > there is a function loginFromKeyTab. Client should have the key tab > file to > login to application. But I think this is very insecure way of login. > Anyone who cloud access your key tab file then login to application. Is > there any appropriate way to login to system. I don't understand How > to do > this. I'm stuck > > Thanks > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > > > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos