Kerberos is used in Hadoop clusters for security. What is its main role?
Think about how Kerberos helps prove identity without sending passwords.
Kerberos provides a secure way to authenticate users and services by issuing tickets, preventing password exposure.
Given the command klist run after successful authentication, what output will it show?
klist
Consider what klist is used for in Kerberos.
The klist command displays the current Kerberos tickets held by the user, including expiration times.
Consider this Java snippet for authenticating a user with Kerberos in Hadoop:
Configuration conf = new Configuration();
conf.set("hadoop.security.authentication", "kerberos");
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab("user@EXAMPLE.COM", "/path/to/user.keytab");
String user = UserGroupInformation.getCurrentUser().getUserName();
System.out.println(user);What will be printed?
Check what getUserName() returns after login.
The getUserName() method returns the simple username part, not the full principal.
Given this error message when running a Hadoop job with Kerberos enabled:
javax.security.auth.login.LoginException: Cannot obtain password from user
Which of the following is the most likely cause?
Check file paths and permissions related to authentication files.
This error usually means the keytab file cannot be read or found, so the password cannot be retrieved for login.
A user runs these commands in order:
kinit -kt /path/to/user1.keytab user1@EXAMPLE.COM kinit -kt /path/to/user2.keytab user2@EXAMPLE.COM klist
How many valid tickets will klist show?
Consider how kinit manages tickets in the default ticket cache.
By default, kinit overwrites the existing ticket cache, so only the last ticket is valid.