kerberos - w3toppers.com

Should I call ugi.checkTGTAndReloginFromKeytab() before every action on hadoop?

Hadoop committer here! This is an excellent question. Unfortunately, it’s difficult to give a definitive answer to this without a deep dive into the particular usage patterns of the application. Instead, I can offer general guidelines and describe when Hadoop would handle ticket renewal or re-login from a keytab automatically for you, and when it … Read more

Error when connect to impala with JDBC under kerberos authrication

Forget about the Hadoop UGI: a JDBC driver just needs the raw JAAS configuration to create a Kerberos ticket on-the-fly (with useKeyTab raised and useTicketCache lowered). System properties java.security.krb5.conf => (optional) non-defaut Kerberos conf java.security.auth.login.config => JAAS config file javax.security.auth.useSubjectCredsOnly => must be forced to “false” (the default has changed in some Java release, duh) … Read more