Available in VPC
To access Secure Hadoop from external services (such as Jupyter Notebook, NKS, and general servers), the set-up of the Kerberos configuration file and the pre-authentication process are required.
1. etc/krb5.conf Configure
- To access Secure Hadoop from an external server or VM, configure the Kerberos environment information.
- Copy the content of the
/etc/krb5.conffile in the Secure Hadoop edge node. - Save the copied content in /etc/krb5.conf of an external server or VM to configure the Kerberos Realm and KDC information.
2. Perform authentication through keytab or kinit
-
Set up the Kerberos authentication before running the source code that accesses Secure Hadoop.
-
Examples of the keytab authentication method.
import subprocess def kinit_with_keytab(principal: str, keytab_path: str): try: result = subprocess.run( ["kinit", "-kt", keytab_path, principal], check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE ) print(f"[INFO] kinit succeeded: {principal}") except subprocess.CalledProcessError as e: print(f"[ERROR] kinit failed: {e.stderr.decode().strip()}") # Usage examples principal = "user1@USER.GUIDE" keytab_path = "/tmp/user1.keytab" kinit_with_keytab(principal, keytab_path) -
Examples of the password login method.
import subprocess import getpass def kinit_with_password(principal: str): try: # Receive the password entered by the user (hidden process). password = getpass.getpass(prompt=f"{principal}'s Kerberos password: ") # Run kinit with subprocess. process = subprocess.run( ["kinit", principal], input=password.encode(), # forward the password to stdin. stdout=subprocess.PIPE, stderr=subprocess.PIPE, check=True ) print(f"[INFO] kinit succeeded: {principal}") except subprocess.CalledProcessError as e: print(f"[ERROR] kinit failed: {e.stderr.decode().strip()}") # Usage examples principal = "user1@USER.GUIDE" kinit_with_password(principal)