Preparing Kerberos Authentication
Scenario Description
In cluster environment with Kerberos authentication enabled, the components must be mutually authenticated before communicating with each other to ensure communication security.
When submitting MapReduce applications, users need to communicate with Yarn and HDFS. Code for security authentication needs to be written into the MapReduce application to be submitted to ensure that MapReduce can work properly.
Two security authentication modes are available.
Security Authentication Code
Currently, the LoginUtil class is invoked for security authentication in a unified manner.
In the MapReduce sample project code, test@HADOOP.COM, user.keytab, and krb5.conf are examples. In actual operations, contact the administrator to obtain the keytab and krb5.conf files corresponding to the account and the permission. Save the keytab and krb5.conf files to the conf directory of the sample code. The code for security login is as follows:
Modify the authentication information based on the site requirements.
public static final String PRINCIPAL= "test@HADOOP.COM"; public static final String KEYTAB = FemaleInfoCollector.class.getClassLoader().getResource("user.keytab").getPath(); public static final String KRB = FemaleInfoCollector.class.getClassLoader().getResource("krb5.conf").getPath();
// Check whether the security mode is used. if("kerberos".equalsIgnoreCase(conf.get("hadoop.security.authentication"))){ // Security login System.setProperty("java.security.krb5.conf", KRB); LoginUtil.login(PRINCIPAL, KEYTAB, KRB, conf); }
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.