Community Articles
Find and share helpful community-sourced technical articles

If Kerberos for Hadoop cluster is implemented using enterprise AD, any Windows machine where users can sign-on using AD credentials has a cached ticket available. This cached ticket is available to any Windows applications by default, but any JAVA applications can't access cached ticket. To access cached ticket from a JAVA application, following registry entry in Windows should be set

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\ParametersValue
Name: AllowTGTSessionKeyValue
Type: REG_DWORD
Value:1

Using klist command on Windows machine, verify username and REALM are in correct case as specified in kerberos settings on cluster. Then, create a jaas.conf file with following entry

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
useTicketCache=true;};

To access kerborized cluster, JAVA program should be launched with following parameters.

-Djava.security.auth.login.config="<path-to-jaas-conf>/jaas.conf"

This will allow JAVA program to access cached ticket and pass user's own credentials to kerborized cluster.

3,352 Views
Comments
Not applicable

Please can you @Shishir Saxena can you share your whole with me from the jass file to the Java code