Preparing the Authentication Mechanism
Scenario
In a safe cluster environment, the communication among components cannot be a simple communication. Components must be authorized by each other before the communication to ensure the security of the communication.
When users are developing the MapReduce application, the MapReduce is required to interwork with Yarn and HDFS in certain scenarios. Therefore, security authentication code must be written into the MapReduce application to ensure that the MapReduce application can run properly.
Two security authentication methods are described as follows:
- Authentication by running command lines:
Before submitting the MapReduce application for running, run the following command in the MapReduce client to obtain authentication:
kinit component service user
- Authentication by adding code:
Authenticate by obtaining principal and keytab files of the client.
MapReduce Security Authentication Code
The security authentication is completed by calling the LoginUtil class.
In the code of the FemaleInfoCollector class in the com.huawei.bigdata.mapreduce.examples package of the sample project MapReduce, test@<system domain name>, user.keytab, and krb5.conf are examples. In practice, contact the admin to obtain your keytab and krb5.conf files and place them in the conf directory.):
public static final String PRINCIPAL= "test@<system domain name>"; public static final String KEYTAB = FemaleInfoCollector.class.getClassLoader().getResource("user.keytab").getPath(); public static final String KRB = FemaleInfoCollector.class.getClassLoader().getResource("krb5.conf").getPath(); ... // Security login LoginUtil.login(PRINCIPAL, KEYTAB, KRB, conf);
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot