Updated on 2022-09-14 GMT+08:00

Preparing the Authentication Mechanism

Scenario

In a safe cluster environment, the communication among components cannot be a simple communication. Components must be authorized by each other before the communication to ensure the security of the communication.

When users are developing the MapReduce application, the MapReduce is required to interwork with Yarn and HDFS in certain scenarios. Therefore, security authentication code must be written into the MapReduce application to ensure that the MapReduce application can run properly.

Two security authentication methods are described as follows:

  • Authentication by running command lines:

    Before submitting the MapReduce application for running, run the following command in the MapReduce client to obtain authentication:

    kinit component service user

  • Authentication by adding code:

    Authenticate by obtaining principal and keytab files of the client.

MapReduce Security Authentication Code

The security authentication is completed by calling the LoginUtil class.

In the code of the FemaleInfoCollector class in the com.huawei.bigdata.mapreduce.examples package of the sample project MapReduce, test@<system domain name>, user.keytab, and krb5.conf are examples. In practice, contact the admin to obtain your keytab and krb5.conf files and place them in the conf directory.):

public static final String PRINCIPAL= "test@<system domain name>"; 
public static final String KEYTAB = FemaleInfoCollector.class.getClassLoader().getResource("user.keytab").getPath(); 
public static final String KRB = FemaleInfoCollector.class.getClassLoader().getResource("krb5.conf").getPath();
...
// Security login
LoginUtil.login(PRINCIPAL, KEYTAB, KRB, conf);