Friday, December 1, 2017

Login HDFS using keytab instead of password after enabling security

[donghua@cdh-vm ~]$ kinit root/admin@DBAGLOBE.COM
Password for root/admin@DBAGLOBE.COM:

[donghua@cdh-vm ~]$ kadmin xst -k donghua.keytab donghua@DBAGLOBE.COM
Password for root/admin@DBAGLOBE.COM:
Entry for principal donghua@DBAGLOBE.COM with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:donghua.keytab.
Entry for principal donghua@DBAGLOBE.COM with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:donghua.keytab.

[donghua@cdh-vm ~]$ klist -e -k -t donghua.keytab
Keytab name: FILE:donghua.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   2 12/01/2017 06:58:30 donghua@DBAGLOBE.COM (aes256-cts-hmac-sha1-96)
   2 12/01/2017 06:58:30 donghua@DBAGLOBE.COM (aes128-cts-hmac-sha1-96)


[donghua@cdh-vm ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: root/admin@DBAGLOBE.COM

Valid starting       Expires              Service principal
12/01/2017 06:57:08  12/02/2017 06:57:08 
krbtgt/DBAGLOBE.COM@DBAGLOBE.COM


[donghua@cdh-vm ~]$ kdestroy

[donghua@cdh-vm ~]$ kinit -t donghua.keytab donghua@DBAGLOBE.COM
keytab specified, forcing –k


[donghua@cdh-vm ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: donghua@DBAGLOBE.COM

Valid starting       Expires              Service principal
12/01/2017 06:59:24  12/02/2017 06:59:24 
krbtgt/DBAGLOBE.COM@DBAGLOBE.COM


[donghua@cdh-vm ~]$ hdfs dfs -ls /user/donghua
Found 1 items
-rw-r--r--   1 donghua donghua   46837865 2017-12-01 06:07 /user/donghua/IOTDataDemo.csv