10-16-2017 12:56 AM
We are unable to renew kerberos user tickets from keytab using java code, while it's working with "kinit -R"
UserGroupInformation loginUser = UserGroupInformation.getLoginUser(); loginUser.checkTGTAndReloginFromKeytab();
Please help me out.
10-17-2017 01:25 PM
you don't need to renew kerberos ticket from java code instead you can create a shell script with kinit and call it from a cron job. you can also schedule this cron once in 24 hrs or 23.59 hrs (based on your ticket validity period). so that your long running job will run without any issue
10-17-2017 01:36 PM - edited 10-17-2017 01:41 PM
Thanks for your reply @saranvisa. But we are running some jobs through Java code and we should not get the Kerberos login tickets from os level as the different Kerberos users will log into the severs os level.So we are trying to login Kerberos user with keytab through Java for a specific job
10-17-2017 02:01 PM
In general the option that i've mentioned is the default method. You have to work with your hadoop/unix admin to setup a cron job for your key tab.
I don't think controlling kerberos ticket from java code is a good option. Because you have to do this for all your jobs... it is not recommended. forget about different kerbeors users as long as your team (or) batchid has a dedicated keytab file but if the different kerbeors user is also using your keytab then the ticket validity is common for both of you
Currently incubating in Cloudera Labs:Envelope