java - How to use UserGroupInformation with Kerberos WebHDFS
The following client code, on a non-Hadoop scheme, performs actions on a secured remote HDFS.
    import java.net.URI;
    import org.apache.hadoop.conf.Configuration;
    import org.apache.hadoop.fs.FileSystem;
    import org.apache.hadoop.fs.Path;
    import org.apache.hadoop.security.UserGroupInformation;

    // krbpath: path to krb5.conf; keytab: path to the keytab file
    Configuration conf = new Configuration();
    conf.set("hadoop.security.authentication", "kerberos");
    conf.set("java.security.krb5.conf", krbpath);
    conf.set("fs.defaultFS", "webhdfs://10.31.251.254:50070");
    conf.set("fs.webhdfs.impl", org.apache.hadoop.hdfs.web.WebHdfsFileSystem.class.getName());
    conf.set("com.sun.security.auth.module.Krb5LoginModule", "required");
    conf.set("debug", "true");
    conf.set("ticketCache", "dir:/etc/");
    System.out.print("conf......");
    // Log in from the keytab, then create a directory over WebHDFS
    UserGroupInformation.setConfiguration(conf);
    UserGroupInformation.loginUserFromKeytab("dummy@example.com", keytab);
    System.out.print("obtained......");
    URI uri = URI.create("webhdfs://dummy:50070");
    FileSystem fs = FileSystem.get(uri, conf);
    if (fs.mkdirs(new Path("/testkerb2")))
        System.out.print("directory created...");
I am able to perform the actions, but the ticket configuration values are not read from krb5.conf. The ticket lifetime mentioned in the conf file is 1m, but the code generates a ticket with a 1d lifetime. Also, tickets are not generated in the configured ticket cache.
Please help in configuring the code so that it reads the krb5.conf file and generates tickets in the configured path.
The following is the console output:
    911 [main] debug org.apache.hadoop.security.usergroupinformation - hadoop login commit
    912 [main] debug org.apache.hadoop.security.usergroupinformation - using kerberos user:hdfs/yyyy@example.com
    914 [main] info org.apache.hadoop.security.usergroupinformation - login successful user hdfs/yyyy@example.com using keytab file wcnew.keytab
    obtained......998 [main] debug org.apache.hadoop.io.retry.retryutils - multiplelinearrandomretry = null
    1026 [main] debug org.apache.hadoop.security.usergroupinformation - privilegedaction as:hdfs/yyyy@example.com (auth:kerberos) from:org.apache.hadoop.hdfs.web.webhdfsfilesystem$runner.gethttpurlconnection(webhdfsfilesystem.java:456)
    1027 [main] debug org.apache.hadoop.hdfs.web.webhdfsfilesystem - open authenticatedurl connection
    1051 [main] debug org.apache.hadoop.security.usergroupinformation - found tgt ticket (hex) =
    client principal = hdfs/yyyy@example.com
    server principal = krbtgt/example.com@example.com
    session key = encryptionkey: keytype=17 keybytes (hex dump)= 0000: 79 80 fd 99 cf 82 f2 76 c3 de 1c 01 8a 78 ec 89 y......v.....x..
    forwardable ticket true
    forwarded ticket false
    proxiable ticket false
    proxy ticket false
    postdated ticket false
    renewable ticket false
    initial ticket false
    auth time = tue oct 07 03:46:09 utc 2014
    start time = tue oct 07 03:46:09 utc 2014
    end time = wed oct 08 03:46:09 utc 2014
    renew till = null
    client addresses null
    found ticket hdfs/yyyy@example.com go krbtgt/example.com@example.com expiring on wed oct 08 03:46:09 utc 2014
    entered krb5context.initseccontext state=state_new
    service ticket not found in subject
    >>> credentials acquireservicecreds: same realm
    using builtin default etypes default_tgs_enctypes
    default etypes default_tgs_enctypes: 17 16 23 1 3.
    >>> cksumtype: sun.security.krb5.internal.crypto.rsamd5cksumtype
    >>> etype: sun.security.krb5.internal.crypto.aes128ctshmacsha1etype
    >>> krbkdcreq send: kdc=wckdserver.krbnet udp:88, timeout=30000, number of retries =3, #bytes=680
    >>> kdccommunication: kdc=wckdserver.krbnet udp:88, timeout=30000,attempt =1, #bytes=680
    >>> krbkdcreq send: #bytes read=672
    >>> kdcaccessibility: remove wckdserver.krbnet
    >>> etype: sun.security.krb5.internal.crypto.aes128ctshmacsha1etype
    >>> krbapreq: apoptions 00100000 00000000 00000000 00000000
    >>> etype: sun.security.krb5.internal.crypto.aes128ctshmacsha1etype
    krb5context setting myseqnumber to: 637586272
    created initseccontexttoken:
    1566 [main] debug org.apache.hadoop.security.authentication.client.kerberosauthenticator - using fallback authenticator sequence.
    found ticket hdfs/yyyy@example.com go krbtgt/example.com@example.com expiring on wed oct 08 03:46:09 utc 2014
    entered krb5context.initseccontext state=state_new
    service ticket not found in subject
    >>> credentials acquireservicecreds: same realm
    using builtin default etypes default_tgs_enctypes
    default etypes default_tgs_enctypes: 17 16 23 1 3.
    >>> cksumtype: sun.security.krb5.internal.crypto.rsamd5cksumtype
    >>> etype: sun.security.krb5.internal.crypto.aes128ctshmacsha1etype
    >>> krbkdcreq send: kdc=wckdserver.krbnet udp:88, timeout=30000, number of retries =3, #bytes=680
    >>> kdccommunication: kdc=wckdserver.krbnet udp:88, timeout=30000,attempt =1, #bytes=680
    >>> krbkdcreq send: #bytes read=672
    >>> kdcaccessibility: remove wckdserver.krbnet
    >>> etype: sun.security.krb5.internal.crypto.aes128ctshmacsha1etype
    >>> krbapreq: apoptions 00100000 00000000 00000000 00000000
    >>> etype: sun.security.krb5.internal.crypto.aes128ctshmacsha1etype
    krb5context setting myseqnumber to: 464503906
    created initseccontexttoken:
    1898 [main] warn org.apache.hadoop.security.token.token - cannot find class token kind webhdfs delegation
    1899 [main] debug org.apache.hadoop.security.securityutil - acquired token kind: webhdfs delegation, service: xxxx:50070, ident: 00 04 68 64 66 73 04 68 64 66 73 00 8a 01 48 e8 b9 33 8a 01 49 0c c6 42 33 8d 04 d5 6c 8f 99
    1904 [main] debug org.apache.hadoop.hdfs.web.webhdfsfilesystem - created new dt xxxx:50070
    1908 [main] debug org.apache.hadoop.security.usergroupinformation - privilegedaction as:hdfs/yyyy@example.com (auth:kerberos) from:org.apache.hadoop.hdfs.web.webhdfsfilesystem$runner.gethttpurlconnection(webhdfsfilesystem.java:456)
    1908 [main] debug org.apache.hadoop.hdfs.web.webhdfsfilesystem - open url connection
    directory created...2921 [main] debug org.apache.hadoop.security.usergroupinformation - privilegedaction as:hdfs/yyyy@example.com (auth:kerberos) from:org.apache.hadoop.hdfs.web.webhdfsfilesystem$runner.gethttpurlconnection(webhdfsfilesystem.java:456)
You have to set the location of the krb5.conf file in System, not in the Hadoop configuration, i.e. replace the line

    conf.set("java.security.krb5.conf", krbpath);

with

    System.setProperty("java.security.krb5.conf", krbpath);

(But you have figured this out yourself, given that the question is 5 months old.)
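
The answer's fix applied to the question's client, as an added example that is not part of the original thread: krb5.conf is passed as a JVM system property before login, and the TGT end time is printed so the lifetime actually issued can be compared with what krb5.conf requests. The class name and the four command-line arguments are assumptions; it also assumes the Hadoop client libraries on the classpath and a JDK on which `Subject.getSubject` is available.

```java
import java.io.File;
import java.net.URI;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;

// Hypothetical class name; arguments: <krb5.conf> <principal> <keytab> <webhdfs-uri>
public class WebHdfsKerberosClient {
    public static void main(String[] args) throws Exception {
        String krbPath = args[0];
        String principal = args[1];
        String keytab = args[2];
        String webhdfsUri = args[3]; // e.g. webhdfs://namenode:50070

        // Fail fast instead of logging in with settings nobody intended.
        if (!new File(krbPath).canRead() || !new File(keytab).canRead()) {
            throw new IllegalArgumentException("krb5.conf or keytab is not readable");
        }
        // JVM-level Kerberos setting: a system property, set before the first login.
        System.setProperty("java.security.krb5.conf", krbPath);

        // Only Hadoop keys belong in the Hadoop Configuration.
        Configuration conf = new Configuration();
        conf.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(conf);
        UserGroupInformation ugi =
                UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytab);

        ugi.doAs((PrivilegedExceptionAction<Void>) () -> {
            // Inspect the tickets held by the logged-in subject.
            Subject subject = Subject.getSubject(AccessController.getContext());
            for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
                System.out.println(t.getServer() + " valid until " + t.getEndTime());
            }
            try (FileSystem fs = FileSystem.get(URI.create(webhdfsUri), conf)) {
                System.out.println("mkdirs: " + fs.mkdirs(new Path("/testkerb2")));
            }
            return null;
        });
    }
}
```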
java hadoop kerberos webhdfs