3

In the middleware (using Spring Boot) we are developing,we need to connect to several Kerberised services (Oozie,Solr,Hive Server..etc) using their Java clients (Oozie Java client,SolrJ Client, kerberos enabled JDBCC..etc )

I managed to connect to Solr and Hive Server separately (by having separate jass.conf, keytabs). But now we need to connect to these different services within the same JVM process.

1) Is this possible to connect to different kerberized services with different principals (same realm)

2) Is this supported by JAAS?

My jaas.conf for connecting to Solr looks like this

SolrJClient {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="./ambari-infra-solr.service.keytab"
  storeKey=true
  useTicketCache=true
  debug=true
  doNotPrompt=true
  principal="infra-solr/server-yy-hdp-stg001.stg.xxx.zzz.local@C6KHDPSTG.LOCAL";
};
Ashika Umanga Umagiliya
  • 8,988
  • 28
  • 102
  • 185
  • 1
    Why on earth do you need different Kerberos principals to connect a client to different services?? And why use a SPN for a client??? That seems to defeat the purpose of Kerberos **authentication**. – Samson Scharfrichter Dec 11 '18 at 17:59
  • 1
    About setting multiple entries in the same JAAS config (and even multiple protocols in the same entry) cf. https://stackoverflow.com/questions/45770743/kerberos-error-connecting-to-impala-and-hbase – Samson Scharfrichter Dec 11 '18 at 18:10

0 Answers0