Hi Harsh, My desire is to understand Hadoop security model. My desire is to find out and understand class/method of the code within hadoop source control ( which i have downloaded, 2.6) where the client uses principal plus ticket to get token, which it finally send it to the Namenode. Please correct me if i have incorrect understanding of the process as I am pretty new to hadoop security and had been reading various articles on it.
thanks Rahul On Mon, Feb 23, 2015 at 11:24 PM, Harsh J <ha...@cloudera.com> wrote: > The use of kerberos is transparent to job development, unless you have > long-running application needs. > > When properly configured to use security (via the XML files), the > JobClient/etc. will auto-discover a local kinit-done login to make use > of it for authentication. > > Counter question therefore is, what is your specific error (or need) > that leads you to look for a different approach? > > That said, if you are looking at performing a keytab login (rather > than using the local kinit cache) from within > your application, you could use JAAS or rely on SecurityUtil#login(…) > API: > https://hadoop.apache.org/docs/stable1/api/org/apache/hadoop/security/SecurityUtil.html#login(org.apache.hadoop.conf.Configuration > , > java.lang.String, java.lang.String) > > On Tue, Feb 24, 2015 at 12:22 AM, Rahul Shrivastava <rhshr...@gmail.com> > wrote: > > Hi All, > > > > I am new to Hadoop Authentication ( Kerberos, Simple Authentication). I > > have been doing reading for security aspects of Hadoop at > > http://blog.godatadriven.com/kerberos_kdc_install.html and > > > http://blog.cloudera.com/blog/2012/03/authorization-and-authentication-in-hadoop/ > . > > Can someone provide me a Java code example of a map -reduce program that > > uses Kerberos. A writeup that does a walk through of how to setup a > > map-reduce program using kerberos would be helpful. Here I would not need > > how to do setup of kerberos but rather how to setup a map-reduce program > > that uses kerberos. > > > > > > Sorry if the question is previously been answered. > > > > > > Thanks > > > > Rahul > > > > -- > Harsh J >
