Community Articles

shishir_saxena4 · ‎02-17-2016

If Kerberos for Hadoop cluster is implemented using enterprise AD, any Windows machine where users can sign-on using AD credentials has a cached ticket available. This cached ticket is available to any Windows applications by default, but any JAVA applications can't access cached ticket. To access cached ticket from a JAVA application, following registry entry in Windows should be set

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\ParametersValue
Name: AllowTGTSessionKeyValue
Type: REG_DWORD
Value:1

Using klist command on Windows machine, verify username and REALM are in correct case as specified in kerberos settings on cluster. Then, create a jaas.conf file with following entry

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
useTicketCache=true;};

To access kerborized cluster, JAVA program should be launched with following parameters.

-Djava.security.auth.login.config="<path-to-jaas-conf>/jaas.conf"

This will allow JAVA program to access cached ticket and pass user's own credentials to kerborized cluster.

Tapiwa_Maumbe · ‎07-22-2019

Please can you @Shishir Saxena can you share your whole with me from the jass file to the Java code

Cloudera Community

Community Articles

Access Kerberos cluster from JAVA using cached ticket

Apache Hadoop

Kerberos

Security

Re: Access Kerberos cluster from JAVA using cached ticket

How to access Ozone file system using Java API

Kerberos Ticket Error - Cache in IPA /RedHat IDM (...

Accessing AWS services using AWS Java SDK in Scala...

HDFS Balancer and Kerberos Ticket Renewal

Use a Kerberos token for accessing NiFi REST API

Using HDFS Centralized Cache Management

Falcon fails to renew kerberos ticket

Run 2 kerberos ticket in a server for transferring...

java api access security hbase ticket expires

HDF 2.x/3.0: Use Ambari to enable kerberos for HDF...