If Kerberos for a Hadoop cluster is implemented using enterprise AD, any Windows machine where users sign on with AD credentials has a cached ticket available. By default this cached ticket is available to Windows applications, but Java applications cannot access it. To let a Java application access the cached ticket, set the following registry entry in Windows:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Value Name: AllowTGTSessionKey
Value Type: REG_DWORD
Value: 1

Using the klist command on the Windows machine, verify that the username and REALM are in the correct case, as specified in the Kerberos settings on the cluster. Then create a jaas.conf file with the following entry:

Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=false
  useTicketCache=true;
};

To access the Kerberized cluster, launch the Java program with the following parameter:

-Djava.security.auth.login.config="<path-to-jaas-conf>/jaas.conf"

This allows the Java program to access the cached ticket and pass the user's own credentials to the Kerberized cluster.
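To confirm the steps above before pointing a Hadoop client at the cluster, the following check logs in through the "Client" entry of jaas.conf using only JDK classes and prints the principal and tickets the JVM obtained from the cache. It is an added example, not code from the original article; the class name TicketCacheCheck is hypothetical.

```java
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Added example (hypothetical class name): verifies that this JVM can read
// the Windows ticket cache through the "Client" entry of jaas.conf.
public class TicketCacheCheck {
    public static void main(String[] args) {
        if (System.getProperty("java.security.auth.login.config") == null) {
            System.err.println("Start the JVM with "
                    + "-Djava.security.auth.login.config=<path-to-jaas-conf>/jaas.conf");
            System.exit(2);
        }
        try {
            // The name must match the entry name in jaas.conf.
            LoginContext lc = new LoginContext("Client");
            // No CallbackHandler is supplied, so if the cached ticket cannot
            // be read the login fails instead of prompting for a password.
            lc.login();

            Subject subject = lc.getSubject();
            for (KerberosPrincipal p : subject.getPrincipals(KerberosPrincipal.class)) {
                // Compare name and realm (case-sensitive) with the klist output.
                System.out.println("Principal: " + p.getName()
                        + " (realm " + p.getRealm() + ")");
            }
            Set<KerberosTicket> tickets =
                    subject.getPrivateCredentials(KerberosTicket.class);
            if (tickets.isEmpty()) {
                System.err.println("Login succeeded but no Kerberos ticket was stored.");
            }
            for (KerberosTicket t : tickets) {
                System.out.println("Ticket for " + t.getServer().getName()
                        + ", expires " + t.getEndTime()
                        + ", current=" + t.isCurrent());
            }
            lc.logout();
        } catch (LoginException e) {
            // Re-check the AllowTGTSessionKey registry value and the klist output.
            System.err.println("Login from ticket cache failed: " + e.getMessage());
            System.exit(1);
        }
    }
}
```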

Comments

Please, @Shishir Saxena, can you share your whole with me, from the jaas file to the Java code?