Hi Rajitha,

Ranger plugins use the Hadoop UserGroupInformation object for this, and it is the plugin's responsibility to create the UGI (you have to have some kind of loginmanager to do it) and set the context in the Ranger plugin.

E.g. in Kafka it's done via JAAS config (Kafka provides this), and this sets the RangerKafkaPlugin UGI, which will be used for policy download and auditing. Refer to the following and see how this can help. You can check other plugins as well; each has its mechanism to create and set the UGI context.

https://github.com/apache/ranger/blob/master/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java#L107

https://github.com/apache/ranger/blob/master/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java#L113

Thanks.
Ramesh

On 10/23/18, 4:54 AM, "Rajitha R" <rajit...@apache.org> wrote:

>Hi,
>
>I am using a custom ranger plugin to interact with Ranger from my
>project. However I am facing issues wrt authentication in the
>policyrefresher thread.
>
>-> Given that the ranger server I am using is Kerberized, I was wondering
>which configs need to be set for passing the principal and keytab of my
>user to negotiate with the server. I looked through the ranger code but
>in vain.
>-> This is causing auth failures in the policy refresher thread. Only a
>manual kinit using the keytab and restarting my service is helping.
>Otherwise, the thread is unable to keep refreshing the tgt which I assume
>is due to it being unable to find any keytab file being passed to it.
>
>Request some help here. Thanks in advance,
>Rajitha
>
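An added example, not part of the original thread and not code from the Ranger project: one way a custom plugin could create a keytab-backed UGI and set it as the Ranger login context before starting the plugin, so that policy download does not depend on a manual kinit. The class name, service type, app id, principal and keytab path are hypothetical, and the `MiscUtil.setUGILoginUser` call is assumed to match the Ranger version in use.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.plugin.service.RangerBasePlugin;

/** Hypothetical bootstrap for a custom plugin; not taken from the Ranger code base. */
public class CustomPluginBootstrap {

    public static RangerBasePlugin start(String principal, String keytab) throws IOException {
        Path keytabPath = Paths.get(keytab);
        // Fail early with a clear message instead of a later auth failure in the refresher thread.
        if (!Files.isReadable(keytabPath)) {
            throw new IOException("Keytab not readable by this service: " + keytabPath);
        }

        // Tell Hadoop security to use Kerberos before any UGI call.
        Configuration conf = new Configuration();
        conf.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(conf);

        // Log in from the keytab; no external kinit or ticket cache is involved.
        UserGroupInformation ugi =
                UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytabPath.toString());

        // Hand the UGI to Ranger; there is no JAAS Subject in this flow, so pass null.
        MiscUtil.setUGILoginUser(ugi, null);

        // Service type and app id are placeholders for the custom service definition.
        RangerBasePlugin plugin = new RangerBasePlugin("myservicetype", "myapp");
        plugin.init(); // starts policy download under the login set above
        return plugin;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values; replace with the service's own principal and keytab.
        start("myservice/host.example.com@EXAMPLE.COM", "/etc/security/keytabs/myservice.keytab");
    }
}
```

Keep the keytab readable only by the service account, since anyone who can read it can authenticate as that principal.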