How to Authenticate Kerberos Principals Using Java
To authenticate Kerberos principals in custom applications using Java, import the
UserGroupInformation
class from the Hadoop security library into your
application and use it to pass principals and keytabs to the Kerberos service. This basic
example shows hard-coded passing of principal cloudera
and a
cloudera.keytab
file:// Authenticating Kerberos principal
System.out.println("Principal Authentication: ");
final String user = "cloudera@CLOUDERA.COM";
final String keyPath = "cloudera.keytab";
UserGroupInformation.loginUserFromKeytab(user, keyPath);
The UserGroupInformation class
(org.apache.hadoop.security.UserGroupInformation
) has methods to handle
tokens, proxy users, and many other tasks required for your Java application to work with
Kerberos. See the Apache API documentation for details.