sqoop-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "sachin pawar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SQOOP-499) Implement kerberos support for client shell
Date Fri, 20 Jul 2012 22:35:34 GMT

    [ https://issues.apache.org/jira/browse/SQOOP-499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13419634#comment-13419634
] 

sachin pawar commented on SQOOP-499:
------------------------------------

Kathleen,

I am trying a simple sqoop client code from remote machine on kerberos enabled hadoop.

System.setProperty( "java.security.krb5.realm", "<realm.name>"); 
System.setProperty( "java.security.krb5.kdc", "<kdchost>");

String sqoopArgs[] = new String[] 
		{
			"-D", "fs.default.name=hdfs://<hadoophost>:8020/",
			"-D", "mapred.job.tracker=<hadoophost>:8021",
			"-D", "hadoop.security.authentication=kerberos",
                        "-D", "mapreduce.jobtracker.kerberos.principal=mapred/<host-domain>",
                        "-D", "dfs.namenode.kerberos.principal=hdfs/<host-domain>",
			"--connect", "jdbc:sqlserver://<dbhost>:1433;databaseName=SqoopTestDB",
			"--username", "sa", 
			"--password", "sa", 
			"--table", "bizunit",
		};

	
		// ====================================
		
		ImportTool iTool = new ImportTool();
		Sqoop sqoop = new Sqoop(iTool);
	
		try {
			System.out.println("Started....");
			ToolRunner.run(sqoop, sqoopArgs);
			System.out.println("=======DONE==========");
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}

when I debuged this code with sqoop source i found that ImportJobBase.runImport() creates
a new Job instance
with passed in configuration. At this point the configuration matches to what I set in the
code.
during the initialization the execution reaches UserGroupInformation getLoginUser()method.

then it does following

/** 
   * A method to initialize the fields that depend on a configuration.
   * Must be called before useKerberos or groups is used.
   */
  private static synchronized void ensureInitialized() {
    if (!isInitialized) {
      initialize(new Configuration());
    }
  }

here initialize is called using a new empty configuration and not using the configuration
I set.
due to this the UserGroupInformation instance returned is always sets to Simple authentication
mode
ignoring my setting for kerberos mode.

with above configuration when I call following

UserGroupInformation.setConfiguration(kconf);
UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(<principal>,
"<keytablocation>");

I get ugi with kerberos auth settings.

but this does not happen to the ugi that sqoop generate.

thanks sachin
                
> Implement kerberos support for client shell
> -------------------------------------------
>
>                 Key: SQOOP-499
>                 URL: https://issues.apache.org/jira/browse/SQOOP-499
>             Project: Sqoop
>          Issue Type: Task
>            Reporter: Arvind Prabhakar
>             Fix For: 2.0.0
>
>
> The client shell should be able to identify the user principal from the active kerberos
session.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message