Re: Login usecase

2016-07-18 Thread Brandon Allbery
You are going to have to describe what you are trying to do in more detail. Keytabs are not normally used for this purpose, except in the case of automated procedures (e.g. cron) that need to log in to a service as if they are a user. Perhaps you have confused keytabs (“passwords” on disk) with

Re: Login usecase

2016-07-18 Thread Aneela Saleem
Thanks Brandon for your response. Actually, My use-case is that I have a web application that authenticates a user. Then user calls my backend services written in java to interact with hadoop cluster. My hadoop cluster is kerberos-enabled. I need to authenticate this user using my java code. I am

Re: Login usecase

2016-07-18 Thread Brandon Allbery
While I can’t give you details, it sounds like you want to change the web application to use SPNEGO to do Kerberos authentication with a user; this gives you a credential that you can then use to authenticate to Hadoop. From: Aneela Saleem Date: Monday, July 18, 2016 at 11:13 To: Brandon Allber

Re: Login usecase

2016-07-18 Thread Aneela Saleem
Yep, that will be great. On Mon, Jul 18, 2016 at 8:41 PM, Brandon Allbery wrote: > While I can’t give you details, it sounds like you want to change the web > application to use SPNEGO to do Kerberos authentication with a user; this > gives you a credential that you can then use to authenticate

Re: Login usecase

2016-07-18 Thread Todd Grayson
Aneela, HDFS supports the use of the \L lowercase "macro". This is implemented through the HDFS auth_to_local rules, it can be applied using the additional rules if within the CDH. The relationship for kebreros from hadoop (for a major portion of the platform) traverses the java JGSS implementa

Re: Login usecase

2016-07-18 Thread Todd Grayson
(and I realize kerberos doesn't do groups) On Mon, Jul 18, 2016 at 12:05 PM, Todd Grayson wrote: > Aneela, > > HDFS supports the use of the \L lowercase "macro". This is implemented > through the HDFS auth_to_local rules, it can be applied using the > additional rules if within the CDH. The r

Re: Login usecase

2016-07-18 Thread Todd Grayson
Neela, depending on distribution in use, much of the discussion is here https://hadoop.apache.org/docs/r2.6.0/hadoop-auth/Configuration.html The service (in this case Hadoop core across a subset of the services) gets its ticket granting ticket as it starts up. The user or client application as

Re: Login usecase

2016-07-18 Thread Aneela Saleem
Thanks Brandon and Todd, I still have some confusions. Please guide me I'm just a beginner. At the current stage I'm not implementing single-sign on. Here is the flow of our application Screenshotfrom2016-07-12171018.jpg