On 2018/10/23 18:10:45, Ramesh Mani <rm...@hortonworks.com> wrote: 
> Hi Rajitha,
> 
> Ranger plugins use the Hadoop UserGroupInformation object for this, and it
> is the plugin's responsibility to create the UGI (it has to have some kind
> of login manager to do it) and set the context in the Ranger plugin.
> 
> E.g. in Kafka it's done via JAAS config (Kafka provides this), and this sets
> the RangerKafkaPlugin UGI, which will be used for policy download and
> auditing. Refer to the following and see how this can help. You can check
> other plugins as well; each has its own mechanism to create and set the UGI
> context.
> 
> https://github.com/apache/ranger/blob/master/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java#L107
> https://github.com/apache/ranger/blob/master/storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java#L113
> 
> 
> Thanks.
> Ramesh
> 
> On 10/23/18, 4:54 AM, "Rajitha R" <rajit...@apache.org> wrote:
> 
> >Hi,
> >
> >I am using a custom ranger plugin to interact with Ranger from my
> >project. However I am facing issues wrt authentication in the
> >policyrefresher thread.
> >
> >-> Given that the ranger server I am using is Kerberized, I was wondering
> >which configs need to be set for passing the principal and keytab of my
> >user to negotiate with the server. I looked through the ranger code but
> >in vain. 
> >-> This is causing auth failures in the policy refresher thread. Only a
> >manual kinit using the keytab and restarting my service is helping.
> >Otherwise, the thread is unable to keep refreshing the tgt which I assume
> >is due to it being unable to find any keytab file being passed to it.
> >
> >Request some help here. Thanks in advance,
> >Rajitha
> >
> 
> Thanks for the reference Ramesh. That helps.
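
The approach described in the thread, sketched for a custom plugin as an added example (not code from the thread or from the Ranger project): log in from a keytab with Hadoop's UserGroupInformation, hand the UGI to Ranger via MiscUtil.setUGILoginUser, then initialise the plugin. The class name, the service type "myservice", the app id "myapp", the principal and the keytab path are hypothetical, and the permission check assumes a POSIX host.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Set;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.plugin.service.RangerBasePlugin;

public class CustomRangerPluginBootstrap {

    /** Refuse a keytab that group or other users can read (POSIX hosts only). */
    static void requirePrivateKeytab(Path keytab) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(keytab);
        if (perms.contains(PosixFilePermission.GROUP_READ)
                || perms.contains(PosixFilePermission.OTHERS_READ)) {
            throw new IOException("keytab is readable by group/others: " + keytab);
        }
    }

    public static RangerBasePlugin start(String principal, String keytabPath)
            throws IOException {
        requirePrivateKeytab(Paths.get(keytabPath));

        // Tell the Hadoop security layer that Kerberos is in use.
        Configuration conf = new Configuration();
        conf.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(conf);

        // Keytab login: the UGI keeps the keytab reference, so the TGT can be
        // renewed without a manual kinit.
        UserGroupInformation ugi =
                UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytabPath);

        // Set the UGI context in Ranger before the plugin starts, so policy
        // download and auditing run as this principal.
        MiscUtil.setUGILoginUser(ugi, null);

        RangerBasePlugin plugin = new RangerBasePlugin("myservice", "myapp"); // hypothetical names
        plugin.init(); // starts the policy refresher
        return plugin;
    }

    public static void main(String[] args) throws IOException {
        // Placeholder principal and keytab path; substitute the service's own.
        start("myservice/host.example.com@EXAMPLE.COM", "/etc/security/keytabs/myservice.keytab");
    }
}
```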
