sqoop-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "sachin pawar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SQOOP-499) Implement kerberos support for client shell
Date Fri, 20 Jul 2012 22:35:34 GMT

    [ https://issues.apache.org/jira/browse/SQOOP-499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13419634#comment-13419634

sachin pawar commented on SQOOP-499:


I am trying a simple sqoop client code from remote machine on kerberos enabled hadoop.

System.setProperty( "java.security.krb5.realm", "<realm.name>"); 
System.setProperty( "java.security.krb5.kdc", "<kdchost>");

String sqoopArgs[] = new String[] 
			"-D", "fs.default.name=hdfs://<hadoophost>:8020/",
			"-D", "mapred.job.tracker=<hadoophost>:8021",
			"-D", "hadoop.security.authentication=kerberos",
                        "-D", "mapreduce.jobtracker.kerberos.principal=mapred/<host-domain>",
                        "-D", "dfs.namenode.kerberos.principal=hdfs/<host-domain>",
			"--connect", "jdbc:sqlserver://<dbhost>:1433;databaseName=SqoopTestDB",
			"--username", "sa", 
			"--password", "sa", 
			"--table", "bizunit",

		// ====================================
		ImportTool iTool = new ImportTool();
		Sqoop sqoop = new Sqoop(iTool);
		try {
			ToolRunner.run(sqoop, sqoopArgs);
		} catch (Exception e) {
			// TODO Auto-generated catch block

when I debuged this code with sqoop source i found that ImportJobBase.runImport() creates
a new Job instance
with passed in configuration. At this point the configuration matches to what I set in the
during the initialization the execution reaches UserGroupInformation getLoginUser()method.

then it does following

   * A method to initialize the fields that depend on a configuration.
   * Must be called before useKerberos or groups is used.
  private static synchronized void ensureInitialized() {
    if (!isInitialized) {
      initialize(new Configuration());

here initialize is called using a new empty configuration and not using the configuration
I set.
due to this the UserGroupInformation instance returned is always sets to Simple authentication
ignoring my setting for kerberos mode.

with above configuration when I call following

UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(<principal>,

I get ugi with kerberos auth settings.

but this does not happen to the ugi that sqoop generate.

thanks sachin
> Implement kerberos support for client shell
> -------------------------------------------
>                 Key: SQOOP-499
>                 URL: https://issues.apache.org/jira/browse/SQOOP-499
>             Project: Sqoop
>          Issue Type: Task
>            Reporter: Arvind Prabhakar
>             Fix For: 2.0.0
> The client shell should be able to identify the user principal from the active kerberos

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message