Configuring Authentication with Kerberos
Also available as:
PDF
loading table of contents...

Create the Java client

Follow these steps to create a Java client:

  1. Launch Eclipse.
  2. Create a simple Maven project.
  3. Add the hbase-client and hadoop-auth dependencies.

    The client uses the Hadoop UGI utility class to perform a Kerberos authentication using the keytab file. It sets up the context so that all operations are performed under the hbase-user2 security context. Then, it performs the required HBase operations, namely check / create table and perform a put and get operations.


<dependencies>
    <dependency>
      <groupId>org.apache.hbase</groupId>
      <artifactId>hbase-client</artifactId>
      <version>${hbase.version}</version>
      <exclusions>
        <exclusion>
          <groupId>org.apache.hadoop</groupId>
          <artifactId>hadoop-aws</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
    <dependency>
      <groupId>org.apache.hadoop</groupId>
      <artifactId>hadoop-auth</artifactId>
      <version>${hadoop.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.hadoop</groupId>
      <artifactId>hadoop-common</artifactId>
      <version>${hadoop.version}</version>
    </dependency>
    <dependency>

  1. Execute the HBase Java client code from a node that can be reverse-DNS resolved.
    This is part of Kerberos authentication. Therefore, running it from a machine that does not share the same DNS infrastructure as the HDP cluster results in authentication failure.
  2. To validate that your Kerberos authentication / keytab / principal does indeed work, you can also perform a simple Kerberos authentication from Java. This provides you with some insight into how Java JAAS and Kerberos works.

    It is highly recommended that you use either Maven Shade Plugin or Maven Jar Plugin to automatically package dependencies into a fat-client JAR. You can also use Eclipse Export feature, however this is not recommended for production code base.