大数据 爬虫Python AI Sql大数据玩转大数据

使用Kerberos安全读取HDFS文件

2018-07-12  本文已影响27人  大猪大猪

使用指南

导入依赖包

compile group: 'org.apache.hadoop', name: 'hadoop-hdfs', version: '2.7.6'
compile group: 'org.apache.hadoop', name: 'hadoop-common', version: '2.7.6'

krb5.conf 文件(从KDC服务器上复制下来)

[libdefaults]
  renew_lifetime = 7d
  forwardable = true
  default_realm = EXAMPLE.COM
  ticket_lifetime = 24h
  dns_lookup_realm = false
  dns_lookup_kdc = false
  default_ccache_name = /tmp/krb5cc_%{uid}
  #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
  #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5

[logging]
  default = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log
  kdc = FILE:/var/log/krb5kdc.log

[realms]
  EXAMPLE.COM = {
    admin_server = storm1.demo.com
    kdc = storm1.demo.com
  }

admin.keytab 文件位置(从服务器复制下来)
生成方式

root@storm1 ~# kadmin.local
Authenticating as principal admin/admin@EXAMPLE.COM with password.
kadmin.local:  xst -k admin.keytab -norandkey admin/admin
Entry for principal admin/admin with kvno 6, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin with kvno 6, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin with kvno 6, encryption type des3-cbc-sha1 added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin with kvno 6, encryption type arcfour-hmac added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin with kvno 6, encryption type camellia256-cts-cmac added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin with kvno 6, encryption type camellia128-cts-cmac added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin with kvno 6, encryption type des-hmac-sha1 added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin with kvno 6, encryption type des-cbc-md5 added to keytab WRFILE:admin.keytab.
kadmin.local:  exit

在当前目录会生成一个文件

root@storm1 ~# ls
admin.keytab

JAVA代码

public void testExist() throws IOException {
        String file = "hdfs://storm1.demo.com:8020";
        System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");
        Configuration conf = new Configuration();
        conf.set("hadoop.security.authentication", "kerberos");
        conf.set("java.security.krb5.conf", "/etc/krb5.conf");
        UserGroupInformation.setConfiguration(conf);
        try {
            UserGroupInformation.loginUserFromKeytab("admin/admin", "/Users/huanghuanlai/dounine/kerberos/keytabs/admin.keytab");
        } catch (Exception e) {
            e.printStackTrace();
        }
        FileSystem fs = FileSystem.get(URI.create(file), conf);
        System.out.println(fs.exists(new Path("/")));
    }

运行效果


image.png
上一篇下一篇

猜你喜欢

热点阅读