I am configuring HDFS as deep storage for Druid and trying to figure out a way to pass the Kerberos keytab file for authentication.

Is there a Java System argument to pass the keytab file location?

jagamot
  • Did you check that Druid "issue", especially the two **undocumented** env variables? https://github.com/druid-io/druid/issues/1588 – Samson Scharfrichter Apr 19 '16 at 13:53
  • @Samson - Yes but that doesn't seem to work! – jagamot Apr 19 '16 at 17:06
  • Did you activate the debug mode of Kerberos, both at JAAS and Hadoop levels? cf. `-Dsun.security.spnego.debug=true` and `export HADOOP_JAAS_DEBUG=true` as explained in https://steveloughran.gitbooks.io/kerberos_and_hadoop/content/sections/secrets.html – Samson Scharfrichter Apr 19 '16 at 21:04

1 Answer

Shall we pass the keytab file to kinit with the -t parameter?

For example: kinit -t /path/to/keytab

Horsing
  • That would be `kinit -kt /path/to/keytab principal@REALM` with optional settings about "lifetime" and "renewal lifetime" -- e.g. if your ticket is valid for 8 hours *(usually capped at 10h by the KDC config anyway)* and renewable 2 days *(capped at 7d)* then you might **cron** a `kinit -kt blah blah` (ticket re-creation) every day at "0 0 * * *" and a simple `kinit -R` (ticket renewal) at "0 6,12,18 * * *" – Samson Scharfrichter Apr 19 '16 at 13:59
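
The re-create/renew schedule from the last comment, as an added example that is not part of the original thread: a POSIX shell wrapper around `kinit -kt`, `kinit -R` and `klist -s` that also refuses a keytab readable by group or other. The function names, the `create`/`renew` modes and the script path are assumptions of this example.

```shell
#!/bin/sh
# Added example. The keytab path, principal and install path are placeholders.

# Succeed only if the keytab exists and grants nothing to group or other.
keytab_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group+other bits of e.g. -rw-------
    [ "$perms" = "------" ]
}

# refresh_ticket MODE KEYTAB PRINCIPAL
#   MODE=create  always re-create the ticket from the keytab (kinit -kt)
#   MODE=renew   try kinit -R first, fall back to the keytab if renewal fails
# Prints "renewed" or "recreated"; returns 2 for a bad keytab, 1 if kinit fails.
refresh_ticket() {
    mode=$1 keytab=$2 principal=$3
    if ! keytab_is_private "$keytab"; then
        echo "refusing $keytab: missing, or readable by group/other" >&2
        return 2
    fi
    # klist -s prints nothing and exits 0 only when a valid ticket is cached.
    if [ "$mode" = renew ] && klist -s 2>/dev/null && kinit -R 2>/dev/null; then
        echo renewed
        return 0
    fi
    # No cache, expired ticket, or renewable lifetime used up: start over.
    if kinit -kt "$keytab" "$principal"; then
        echo recreated
        return 0
    fi
    echo "kinit -kt failed for $principal" >&2
    return 1
}

# Crontab entries matching the schedule in the comment:
#   0 0 * * *        /path/to/this-script create /path/to/keytab principal@REALM
#   0 6,12,18 * * *  /path/to/this-script renew  /path/to/keytab principal@REALM
case "${1:-}" in
    create|renew) refresh_ticket "$1" "$2" "$3" ;;
esac
```

The fallback in `renew` mode covers the case where the renewable lifetime has run out between two daily re-creations, so a missed midnight run does not leave the service without a ticket.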