Hi Ben,
I have java client to connect to Kerberos enabled Hadoop. Client should be able
to connect different realms at the same time.
I am using following code to interact with Kerberos enabled Hadoop.
UserGroupInformation.loginUserFromKeytab("hdfs/pivhdsne....@new.com","/root/hdfsNew.keytab");
System.out.println("Obtained......\n\n\n\n");
URI uri = URI.create("webhdfs://IP:50070 ");
FileSystem fs = FileSystem.get(uri, configuration);
if (fs.mkdirs(new Path("/testKerbhdfsUser")))
System.out.print("Directory created...");
The API is recognizing only default_realm.
Krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm=NEW.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 1m
renew_lifetime = 7d
forwardable = true
default_ccache_name =FILE:/tmp/hello/tktj0gw2g
[realms]
NEW.COM = {
kdc = bharath.kdc
admin_server = bharath.kdc
}
EXAMPLE.COM = {
kdc = wckdserver.krbnet
admin_server = wckdserver.krbnet
}
[domain_realm]
.example.com = EXAMPLE.COM
.new.com = NEW.COM
pivhdsne.localdomain = EXAMPLE.COM
pivhdsne.rupam = NEW.COM
Thanks,
Bharath
-----Original Message-----
From: Benjamin Kaduk [mailto:ka...@mit.edu]
Sent: Friday, October 17, 2014 9:49 PM
To: Phatak, Bharath
Cc: kerberos@mit.edu
Subject: Re: Multiple realms
I am not sure I fully understand the situation, but are the appropriate
[domain_realm] mappings in the krb5.conf?
-Ben Kaduk
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
