Hi Jorge, If you use Hadoop library as a client, and your first login using key is via UserGroupInformation#loginUserFromKeytab(), the client automatically relogins again using keytab when it gets an exception (see o.a.h.ipc.Client#handleSaslConnectionFailure).
Note: using UserGroupInformation.loginUserFromSubject() won't do the same. It is used when you have a valid tgt. On Tue, Jan 2, 2018 at 11:40 AM, Jorge Machado <[email protected]> wrote: > Hey everyone, I was working with UserGroupInformation Class and Kerberos. > > Is there a proper example how to renew the Kerkebros Ticket from a keytab > ? > > For Example: > > assuming that I have the jaas.config set in the jvm I do: > > UserGroupInformation loginUser = UserGroupInformation.getLoginUser(); > This will login the user but not using a keytab. > > Using this code it will login with Kerberos: > UserGroupInformation.setConfiguration(conf); > Krb5LoginModule context = new Krb5LoginModule(); > Subject subject = new Subject(); > javax.security.auth.login.Configuration jconf = javax.security.auth.login. > Configuration.getConfiguration(); > AppConfigurationEntry entries[] = jconf.getAppConfigurationEntry(" > Client"); > context.initialize(subject,null, new HashMap<String, String>(), > entries[0].getOptions()); > context.login(); > context.commit(); > UserGroupInformation.loginUserFromSubject(subject); > > > How Do I make sure that my Keytab get’s renewed ? I think Hadoop Libraries > should take of this. I can count a lot of projects implementing their own > TicketRewener… > > Any suggestions here ? > > Thanks > > > Jorge Machado > > > > > > > -- A very happy Hadoop contributor
