Reading HDFS Files Securely with Kerberos
2018-07-12
大猪大猪
Usage guide

Add the dependencies

    compile group: 'org.apache.hadoop', name: 'hadoop-hdfs', version: '2.7.6'
    compile group: 'org.apache.hadoop', name: 'hadoop-common', version: '2.7.6'

krb5.conf file (copied from the KDC server)
    [libdefaults]
      renew_lifetime = 7d
      forwardable = true
      default_realm = EXAMPLE.COM
      ticket_lifetime = 24h
      dns_lookup_realm = false
      dns_lookup_kdc = false
      default_ccache_name = /tmp/krb5cc_%{uid}
      #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
      #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5

    [logging]
      default = FILE:/var/log/krb5kdc.log
      admin_server = FILE:/var/log/kadmind.log
      kdc = FILE:/var/log/krb5kdc.log

    [realms]
      EXAMPLE.COM = {
        admin_server = storm1.demo.com
        kdc = storm1.demo.com
      }

admin.keytab file location (copied from the server)

How it is generated

    root@storm1 ~# kadmin.local
    Authenticating as principal admin/admin@EXAMPLE.COM with password.
    kadmin.local: xst -k admin.keytab -norandkey admin/admin
    Entry for principal admin/admin with kvno 6, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin with kvno 6, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin with kvno 6, encryption type des3-cbc-sha1 added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin with kvno 6, encryption type arcfour-hmac added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin with kvno 6, encryption type camellia256-cts-cmac added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin with kvno 6, encryption type camellia128-cts-cmac added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin with kvno 6, encryption type des-hmac-sha1 added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin with kvno 6, encryption type des-cbc-md5 added to keytab WRFILE:admin.keytab.
    kadmin.local: exit

A file is generated in the current directory

    root@storm1 ~# ls
    admin.keytab
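
The exported keytab holds long-term keys for admin/admin, and four of the eight entries use single DES, 3DES or RC4, which RFC 6649 and RFC 8429 deprecate for Kerberos. The following check is an added example, not part of the original post; the function names `weak_keytab_entries` and `keytab_mode_ok` are hypothetical, and the sample input is the xst output copied from the session above.

```shell
#!/bin/sh
# Added example: audit a keytab export before it is copied to a client.
# weak_keytab_entries and keytab_mode_ok are hypothetical helper names.

# Read kadmin "xst" output on stdin and print "principal kvno enctype"
# for every entry that uses single DES, 3DES or RC4 (arcfour).
weak_keytab_entries() {
    sed -n 's/^Entry for principal \([^ ]*\) with kvno \([0-9]*\), encryption type \([^ ]*\) added to keytab .*$/\1 \2 \3/p' |
    awk '$3 ~ /^(des-|des3-|arcfour-)/ { print }'
}

# Succeed only if the keytab file is accessible by its owner alone
# (mode 600 or 400). Tries GNU stat first, then BSD/macOS stat.
keytab_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 2
    [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# xst output copied from the kadmin.local session on this page,
# embedded so the check runs offline.
XST_OUTPUT='Entry for principal admin/admin with kvno 6, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin with kvno 6, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin with kvno 6, encryption type des3-cbc-sha1 added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin with kvno 6, encryption type arcfour-hmac added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin with kvno 6, encryption type camellia256-cts-cmac added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin with kvno 6, encryption type camellia128-cts-cmac added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin with kvno 6, encryption type des-hmac-sha1 added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin with kvno 6, encryption type des-cbc-md5 added to keytab WRFILE:admin.keytab.'

# Report the deprecated entries found in the export above.
printf '%s\n' "$XST_OUTPUT" | weak_keytab_entries

# Check the file mode when a keytab path is passed as the first argument.
if [ -n "${1:-}" ] && ! keytab_mode_ok "$1"; then
    echo "keytab $1 is readable by users other than its owner" >&2
fi
```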
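
Java code

    import java.io.IOException;
    import java.net.URI;

    import org.apache.hadoop.conf.Configuration;
    import org.apache.hadoop.fs.FileSystem;
    import org.apache.hadoop.fs.Path;
    import org.apache.hadoop.security.UserGroupInformation;

    // Wrapper class so the method compiles; the class name is a placeholder
    public class HdfsKerberosTest {
        public void testExist() throws IOException {
            String file = "hdfs://storm1.demo.com:8020";
            // krb5.conf location is a JVM system property, not a Hadoop configuration key
            System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");
            Configuration conf = new Configuration();
            conf.set("hadoop.security.authentication", "kerberos");
            UserGroupInformation.setConfiguration(conf);
            // Log in from the keytab; a failed login propagates instead of being swallowed
            UserGroupInformation.loginUserFromKeytab("admin/admin", "/Users/huanghuanlai/dounine/kerberos/keytabs/admin.keytab");
            FileSystem fs = FileSystem.get(URI.create(file), conf);
            // Prints true when the root directory is visible to the authenticated principal
            System.out.println(fs.exists(new Path("/")));
        }
    }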

Result

[screenshot: image.png]