keytab

来源： https://stackoverflow.com/questions/51028835/is-it-possible-to-reference-a-keytab-from-the-classpath-in-jaas-conf

问题 I want to use Oozie with a Java Action which needs to use Kerberos. I have my keytab in HDFS. How could I say that the file is in HDFS? Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", "Kerberos"); UserGroupInformation.setConfiguration(conf); UserGroupInformation.loginUserFromKeytab(kerberosPrincipal, kerberosKeytab); I have tried with a path like hdfs://xxxx:8020/tmp/myKeytab.keytab and I set conf.set("fs.defaultFS", "hdfs://server:8020"); as well but it

问题 I want to use Oozie with a Java Action which needs to use Kerberos. I have my keytab in HDFS. How could I say that the file is in HDFS? Configuration conf = new Configuration(); conf.set("hadoop.security.authentication", "Kerberos"); UserGroupInformation.setConfiguration(conf); UserGroupInformation.loginUserFromKeytab(kerberosPrincipal, kerberosKeytab); I have tried with a path like hdfs://xxxx:8020/tmp/myKeytab.keytab and I set conf.set("fs.defaultFS", "hdfs://server:8020"); as well but it

问题 I am trying to understand how Kerberos works and so came across this file called Keytab which, I believe, is used for authentication to the KDC server. Just like every user and service(say Hadoop) in a kerberos realm has a service principal, does every user and service have a keytab file? Also, does authentication using keytab work on symmetric key cryptography or public-private key? 回答1: To answer your two questions, every user and service does not need a keytab file and keytabs use

问题 I call kinit keytab right before spark-submit in my shell driver script. The thing is, its working by itself, but when I call the shell driver scrip it through Oozie, I got this error: Stdoutput py4j.protocol.Py4JJavaError: An error occurred while calling o49.saveAsTextFile. Stdoutput : org.apache.hadoop.ipc.RemoteException(java.io.IOException): Delegation Token can be issued only with kerberos or web authentication The issue is probably here file.coalesce(1,True).saveAsTextFile(FQDNofHadoop

问题 I am trying to connect to a Hive server via R remotely, and to perform the authentication i use a Kerberos keytab file. Error in .jcall("RJavaTools", "Ljava/lang/Object;", "invokeMethod", cl, : java.io.IOException: Login failure for antonio.silva@HADOOPREALM.LOCAL from keytab C:/Users/antonio.silva/Desktop/jars/antonio.silva.keytab: javax.security.auth.login.LoginException: null (68) But when i try to login the user via keytab, the error appears. #loading libraries library("RJDBC") hadoop

问题 I want to make a script that will generate the a keytab using ktutil. When running the script I want to use [user]$ script.sh PASSWORD #script.sh echo "addent -password -p PRINCIPAL -k 1 -e aes256-cts-hmac-sha1-96" | ktutil Ktutil than needs a password, here I want to use the PASSWORD argument from above. How would I pass the password arguement? 回答1: With GNU bash: user="PRINCIPAL" pass="topsecret" printf "%b" "addent -password -p $user -k 1 -e aes256-cts-hmac-sha1-96\n$pass\nwrite_kt $user

问题 Our AD Team is going to disable RC4-HMAC so I have to change our JBoss-applications to AES. I added the aes types to krb5.conf and created new keytabs but that seems to not work. Tests besides the application with kinit show the same results. There was an similar issue but its solution was already enabled for us. There is another guy (Rick Moritz) with my problem without an answer. Server: SLES12 AD: Windows Server 2016 krb5.conf [libdefaults] debug = false default_realm = MY.DOMAIN ticket

问题 I am using a keytab file to bypass kerberos to run a shell script through oozie. Shell script includes hbase shell commands so I nee to do a kinit before running hbase shell commands.This works fine for me. So, in a case where I launch the job using a coordinator and have several shell scripts in the workflow using a keytab(service account) will there be a conflict in oozie ?Since I launch the job using oozie coordinator but have keytab files in workflow of a service account. Thanks, 回答1: The

问题 I have some doubts regarding generating a keytab file for SQL server kerberos authentication. SQL server's SPN is: MSSQLSvc/myhost:1433@MYDOMAIN.COM I have created keytab file as: ktpass -out "C:\Users\myuser\KerberosConf\MSSQL\myappserver.keytab" -princ MSSQLSvc/myhost:1433@MYDOMAIN.COM -mapUser mydomain\myuser-pass Test@123 -crypto AES256-SHA1 -pType KRB5_NT_PRINCIPAL When viewing the keytab it shows the correct SPN as: [1] Service principal: MSSQLSvc/myhost:1433@MYDOMAIN.COM KVNO: 18 But