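Hadoop user authentication is based on JAAS. The hadoop.security.authentication property selects the mode, for example simple or kerberos. If hadoop.security.authentication equals "kerberos", the JAAS login configuration used is "hadoop-user-kerberos" or "hadoop-keytab-kerberos"; otherwise it is "hadoop-simple". When a user logs in, a null org.apache.hadoop.security.User means that no login has happened yet, so the static method getLoginUser() is called to create an org.apache.hadoop.security.UserGroupInformation instance. getLoginUser() in turn calls the login() and commit() methods of HadoopLoginModule.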
Make sure that you have a Hadoop conf directory on the client machine, then copy core-site.xml, hdfs-site.xml, and mapred-site.xml from the remote cluster into the conf directory. Include the conf directory in the Java program's class path.
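When Kerberos is used, the username is taken from the javax.security.auth.kerberos.KerberosPrincipal instance. When Kerberos is not used, Hadoop's system environment variable is read first; if it is not set, the username is taken from com.sun.security.auth.NTUserPrincipal on Windows or from com.sun.security.auth.UnixPrincipal on Unix-like systems. Hadoop then looks up which groups that user belongs to, which completes the login.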
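import java.io.IOException;
import org.apache.hadoop.security.UserGroupInformation;

// LOG is the logger of the enclosing class.
org.apache.hadoop.conf.Configuration conf = new org.apache.hadoop.conf.Configuration();
// Enable Kerberos authentication and service-level authorization on the client.
conf.set("hadoop.security.authentication", "kerberos");
conf.set("hadoop.security.authorization", "true");
try {
    LOG.info("=======================kerberos 开始认证=========================== ");
    String user = "test@CDH.COM";             // principal, without surrounding whitespace
    String kpath = "/home/test/test.keytab";  // keytab holding the key of that principal
    String cpath = "/home/test/krb5.conf";    // Kerberos client configuration
    // Point the JVM at krb5.conf before UserGroupInformation is initialised.
    System.setProperty("java.security.krb5.conf", cpath);
    UserGroupInformation.setConfiguration(conf);
    UserGroupInformation.loginUserFromKeytab(user, kpath);
} catch (IOException e) {
    // Log the failure with its cause at error level instead of printing the stack trace to stderr.
    LOG.error("=======================kerberos 认证异常=========================== ", e);
}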
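An added example, not code from the original page or from the Hadoop project: in simple mode the username comes from an environment variable or the OS account and is not authenticated, so a client that depends on Kerberos should fail closed if the cluster's core-site.xml is missing from the class path or the login did not come from the keytab. The class name KerberosLoginCheck and the helpers requirePrivateKeytab and loginOrFail are hypothetical; the principal and paths are the ones from the snippet above.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Arrays;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;

public class KerberosLoginCheck { // hypothetical class name
    // Reject a keytab that anyone other than its owner can access (POSIX file systems only).
    static void requirePrivateKeytab(Path keytab) throws IOException {
        for (PosixFilePermission p : Files.getPosixFilePermissions(keytab)) {
            if (!p.name().startsWith("OWNER_")) {
                throw new IOException("keytab " + keytab + " grants " + p);
            }
        }
    }

    // Log in from the keytab; fail closed unless the login user is Kerberos-authenticated.
    static UserGroupInformation loginOrFail(String principal, String keytab, String krb5Conf)
            throws IOException {
        requirePrivateKeytab(Paths.get(keytab));
        System.setProperty("java.security.krb5.conf", krb5Conf);
        // Loads core-site.xml from the class path; without it the default is "simple".
        Configuration conf = new Configuration();
        UserGroupInformation.setConfiguration(conf);
        if (!UserGroupInformation.isSecurityEnabled()) {
            throw new IOException("hadoop.security.authentication="
                + conf.get("hadoop.security.authentication") + ", expected kerberos");
        }
        UserGroupInformation.loginUserFromKeytab(principal.trim(), keytab);
        UserGroupInformation ugi = UserGroupInformation.getLoginUser();
        if (ugi.getAuthenticationMethod() != AuthenticationMethod.KERBEROS || !ugi.isFromKeytab()) {
            throw new IOException("unexpected login method: " + ugi.getAuthenticationMethod());
        }
        return ugi;
    }

    public static void main(String[] args) throws IOException {
        // Principal and paths are the ones used in the snippet above.
        UserGroupInformation ugi =
            loginOrFail("test@CDH.COM", "/home/test/test.keytab", "/home/test/krb5.conf");
        System.out.println(ugi.getUserName() + " groups=" + Arrays.toString(ugi.getGroupNames()));
    }
}
```

Unlike the snippet above, this version does not set hadoop.security.authentication itself, so a missing or wrong conf directory shows up as an error instead of a silent fallback to simple authentication.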