Kerberos Java凭证缓存 [英] Kerberos Java Credentials Cache

查看:1077
本文介绍了Kerberos Java凭证缓存的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述


$ b

  val t1 = new Thread(){
覆盖def run(){
println(第一个线程的输出)
val conf = new配置
conf.set(hadoop.security.authentication,Kerberos )
conf.set(fs.defaultFS,hdfs://192.168.23.206:8020)
UserGroupInformation.setConfiguration(conf)
UserGroupInformation.loginUserFromKeytab(dummy @ platalyticsrealm ,E:\\\\\\\\\\\');
val fs = FileSystem.get(conf);
val status = fs.listStatus(new Path(/))

println(UserGroupInformation.getLoginUser()。getShortUserName())
}
}
val t2 = new Thread(){
override def run(){
println(Running Thread 2)
val conf = new配置
conf.set hadoop.security.authentication,Kerberos)
conf.set(fs.defaultFS,hdfs://192.168.23.206:8020)
UserGroupInformation.setConfiguration(conf)
UserGroupInformation.loginUserFromKeytab(test @ platalyticsrealm,E:\\\\test.keytab);
val fs = FileSystem.get(conf);
val status = fs.listStatus(new Path(/))

println(UserGroupInformation.getLoginUser()。getShortUserName())

}

t1.start
Thread.sleep(5000)
t2.start

这段代码产生如下输出:

test

测试



这意味着第二个线程会覆盖第一个线程获得的凭据。
我有以下问题
1.凭据存储在我的Windows环境中。我在C:\ Users \用户名下搜索,但我没有找到。
2.当多个用户一次尝试访问hadoop时,我该如何解决覆盖凭据缓存的这个问题。



谢谢

$您的Java代码清楚地使用静态方法来设置默认,隐式,全局,JVM范围内的 / strong> UGI。这就是人们需要99%的时间。



但是如果您需要为多个用户提供多个会话,则在客户端 - 服务器模式下,那么显然这是行不通的。请阅读Google搜索上随机选择的该教程 ,在<多个UGIs> 部分下。然后自己做一些研究。



如果你想深入了解脏的实现细节,你可以看看令人惊叹的魔鬼世界,这个人实际上维护着Hadoop安全代码库(也是Spark代码库和ZK代码库),并不太高兴。


I am running following code to interact with the kerberos enabled hadoop cluster.

val t1 = new Thread() {
            override def run() {
                println("output of first thread")
                val conf = new Configuration
                conf.set("hadoop.security.authentication", "Kerberos")
                conf.set("fs.defaultFS", "hdfs://192.168.23.206:8020")
                UserGroupInformation.setConfiguration(conf)
                UserGroupInformation.loginUserFromKeytab("dummy@platalyticsrealm", "E:\\\\dummy.keytab");
                val fs = FileSystem.get(conf);
                val status = fs.listStatus(new Path("/"))

                println(UserGroupInformation.getLoginUser().getShortUserName())
            }
        }
val t2 = new Thread() {
            override def run() {
                println("Running Thread 2")
                val conf = new Configuration
                conf.set("hadoop.security.authentication", "Kerberos")
                conf.set("fs.defaultFS", "hdfs://192.168.23.206:8020")
                UserGroupInformation.setConfiguration(conf)
                UserGroupInformation.loginUserFromKeytab("test@platalyticsrealm", "E:\\\\test.keytab");
                val fs = FileSystem.get(conf);
                val status = fs.listStatus(new Path("/"))

                println(UserGroupInformation.getLoginUser().getShortUserName())

            }
        }
        t1.start
        Thread.sleep(5000)
        t2.start

This code produces following output.

test

test

It means the second thread over-write the credentials obtained by first thread. I have following questions 1. Where credentials are stored in my windows environment. I searched under C:\Users\username but i did not find. 2. How can i tackle this problem of over-writing credentials cache when multiple users try to access hadoop at a time.

Thanks

解决方案

Your Java code clearly uses static methods to set the default, implicit, global, JVM-wide UGI. That's what people need 99% of the time.

But if you need to serve multiple sessions for multiple users, in client-server mode, then clearly that cannot work. Please read that tutorial chosen at random on a Google search, under section "Multiple UGIs". Then do some research by yourself.

If you want to dig into the dirty implementation details, you might peek into that awe-inspiring grimoire by the guy who actually maintains the Hadoop security code base (also the Spark code base and the ZK code base) and is not too happy about that.

这篇关于Kerberos Java凭证缓存的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆