Can I use the token files present in Oozie to do Kerberos login?

Rising Star

Instead of UGI or JAAS with a principal/keytab, is it possible to use the existing token files in an Oozie workflow within a Java action and JDBC connection?

1 ACCEPTED SOLUTION

Rising Star

Pulled this from an Oozie patch:

...

String delegationToken = getFilePathFromEnv("HADOOP_TOKEN_FILE_LOCATION");
         if (delegationToken != null) {              
	     hiveConf.set("mapreduce.job.credentials.binary", delegationToken);
+            hiveConf.set("tez.credentials.path", delegationToken);
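
Review bot: `delegationToken` in the added `hiveConf.set("tez.credentials.path", delegationToken);` line is assigned from `getFilePathFromEnv("HADOOP_TOKEN_FILE_LOCATION")`, which by its name returns the path of the token file rather than a token, so the variable name misleads at both `set` calls; consider renaming it to something like `tokenFilePath`. A one-line comment stating that the same credentials file is handed to both the MapReduce and the Tez setting would document why the second call is needed. The `mapreduce.job.credentials.binary` line is indented with a tab while the added line uses spaces; align them.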

...


2 REPLIES

Rising Star

This would be a great scenario to figure out for my team. We have a Java action that makes a JDBC connection to HS2. Can we somehow use the local token file in conjunction with the JDBC connection string to create a secure connection? I can't get that to work.

Instead I'm using JAAS, which requires having a keytab file accessible on every node. I'd like to get away from that.