Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

If Kerberos for Hadoop cluster is implemented using enterprise AD, any Windows machine where users can sign-on using AD credentials has a cached ticket available. This cached ticket is available to any Windows applications by default, but any JAVA applications can't access cached ticket. To access cached ticket from a JAVA application, following registry entry in Windows should be set

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\ParametersValue
Name: AllowTGTSessionKeyValue
Type: REG_DWORD
Value:1

Using klist command on Windows machine, verify username and REALM are in correct case as specified in kerberos settings on cluster. Then, create a jaas.conf file with following entry

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
useTicketCache=true;};

To access kerborized cluster, JAVA program should be launched with following parameters.

-Djava.security.auth.login.config="<path-to-jaas-conf>/jaas.conf"

This will allow JAVA program to access cached ticket and pass user's own credentials to kerborized cluster.

2,386 Views
Comments
Not applicable

Please can you @Shishir Saxena can you share your whole with me from the jass file to the Java code

Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎02-17-2016 06:43 PM
Updated by:
 
Contributors
Top Kudoed Authors