kerberos

问题 I have an Hadoop 3.0 cluster configured with Kerberos. Everything works fine and YARN is started as well. Now I wish to add Spark on top of it and make full use of Hadoop and security. To do so I use a binary distribution of Spark 2.3 and modified the following. In spark-env.sh : YARN_CONF_DIR , set to the folder where my Hadoop configuration files core-site.xml , hdfs-site.xml and yarn-site.xml are located. In spark-defaults.conf : spark.master yarn spark.submit.deployMode cluster spark

问题 We are facing an interesting problem. Users login to application with Kerberos authentication. Few times they are successful, but suddenly they face lockout for their user login information and they see the error below on their screen Login error: com.ibm.security.krb5.KrbException, status code: 24 message: Pre-authentication information was invalid Stack Trace : javax.security.auth.login.FailedLoginException: Login error: com.ibm.security.krb5.KrbException, status code: 24 message: Pre

问题 I used a internal script to setup a Hadoop cluster. It configured Hadoop security with Kerberos by default. This is very inconvenient for a developing environment. I googled a lot, but the results are all about "how to enable ...". Please help to give some reference or advice. 回答1: Change the values for: core-site.xml(HDFS): hadoop.security.authentication to simple hadoop.security.authorization to false hdfs-site.xml(HDFS): dfs.datanode.address to 50010 dfs.datanode.http.address to 50075

问题 at least till Windows XP there was a krb5.ini file if you join a domain with specific settings for the Kerberos REALM. Since Vista or 7 this file is not needed anymore. I am trying to find more information about this but got stuck. Where are the settings from the krb5.ini file now? Got it removed already in Vista or just with Windows 7? For Java applications you can either use the "system default" or you can specify a location to the krb5.ini file. But if you use the default on these later OS

问题 I have to write a custom Jaspic ServerAuthModule (which needs to add a proprietary Authentication Cookie to the HTTP Response AND HTTP Request to be propagated to the applications running on the App Server). The Authentication must be done using Kerberos, SPNEGO. The Application Server to be used is JBOSS EAP 6.4.x I managed to get the Authentication using the JAAS Krb5LoginModule working. The JBOSS EAP Standone.xml I use: <security-domain name="host" cache-type="default"> <authentication>

问题 I want to create an alias for pagsh that will immediately get me the admin kerberos ticket. The problem is that I can't figure out how to specify a command for the bash to run, but still continue with the interactive session after the command is done. My current shot is: alias admin=pagsh -c "bash -c \"kinit xtoth1@ADMIN.META\"" but bash logically ends right after kinit is done. How can I push a custom command into a begging of an interactive session of bash? I still need to run .bashrc

问题 I have a java-based web application that takes the contents of a web form containing a username and password and authenticates using kerberos to a Windows-based domain. The KDC address is apparently configured to map to different IP addresses at each lookup and this can be confirmed by using the ping command from the command line. The call responds immediately for most requests but the response is slow (5-10 seconds or even longer) intermittently. I think this may be due to which domain

问题 I have a Java application running on Windows that needs to authenticate to a webapp using Kerberos/SPNEGO. I'm aware of how to configure JAAS to achieve this, but I find the Java (JDK6 and JDK7beta) Kerberos implementation to be lacking a couple important features I need. For example, support for referrals or using the DNS to figure out the realm of a host (I have a multi-realm environment). Is there a third-party module that can implement authentication using the Windows native SSPI? We've

问题 Please help me on a kerberos+Java problem. I have a simple Java program to authenticate to a Windows Active Directory using Kerberos. The following java code works fine without any problems and prints true- public class KerberosAuthenticator { public static void main(String[] args) { String jaasConfigFilePath = "/myDir/jaas.conf"; System.setProperty("java.security.auth.login.config", jaasConfigFilePath); System.setProperty("java.security.krb5.realm", "ENG.TEST.COM"); System.setProperty("java

问题 I'm trying to activate the kerberos KDC on a WSO2 Identity Server, I'm following this tutorial: https://docs.wso2.com/display/IS510/FAQ#FAQ-HowcanIsetupWSO2ISasaKDC? The thing is that I can activate the Kerberos KDC, but I can't find this option in the management console. Now login thorough management console and go to Configure -> Kerberos KDC -> Service Principals. You can see that "Add new service principals" option is now enabled and you'll be able to add service principals through that