Support Questions
Find answers, ask questions, and share your expertise

Can I use the token files present in Oozie to do Kerberos login?

Contributor

Instead of UGI or JAAS with a principal/keytab, is it possible to use the existing token files in an Oozie workflow within a Java action and JDBC connection?

1 ACCEPTED SOLUTION

Accepted Solutions

Contributor

Pulled this from an Oozie patch:

...

String delegationToken = getFilePathFromEnv("HADOOP_TOKEN_FILE_LOCATION");
         if (delegationToken != null) {              
	     hiveConf.set("mapreduce.job.credentials.binary", delegationToken);
+            hiveConf.set("tez.credentials.path", delegationToken);

...

View solution in original post

2 REPLIES 2

Contributor

Pulled this from an Oozie patch:

...

String delegationToken = getFilePathFromEnv("HADOOP_TOKEN_FILE_LOCATION");
         if (delegationToken != null) {              
	     hiveConf.set("mapreduce.job.credentials.binary", delegationToken);
+            hiveConf.set("tez.credentials.path", delegationToken);

...

View solution in original post

Contributor

This would be a great scenario to figure out for my team. We have a java action that makes a JDBC connection to HS2. Can we somehow use the local token file in conjunction with the JDBC connection string to create a secure connection. I can't get that to work.

Instead I'm using JAAS, which requires have a keytab file accessible on every node. I'd like to get away from that.