Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

R Shell and Kerberos Ticket

Tags:

r

kerberos

I have a hive connection via JDBC in RStudio without problems, I create Kerberos ticket in Tools < Shell: kinit and all working fine, I can use Kerberos TGT.

But if I make the same method via shell/ssh and loading R in terminal (Not RStudio), R can't use Kerberos TGT File and fails.

How can i use the Kerberos ticket?

> [user@server ~]$: kinit
>
> Password for user@domain:  --i put the password--
>
> [user@server ~]$: R 
>
> -- R load --
>
> \> source('samecode.r')
>
> Error Caused by: java.sql.SQLException: Could not create secure connection to jdbc:hive2:....etc

Any idea? This error happens in RStudio if we not create the ticket, but when it's created in tools>shell all work fine, in console its impossible. I try to create it with

 system('kinit');

And create the ticket fine, but can't use it in the rest of the code.

like image 480
Worvast Avatar asked Nov 16 '15 12:11

Worvast


People also ask

What is the command to get Kerberos ticket?

To create a ticket, use the kinit command. The kinit command prompts you for your password. For the full syntax of the kinit command, see the kinit(1) man page. This example shows a user, kdoe, creating a ticket on her own system.

What is Kinit and Klist?

The klist tool displays the entries in the local credentials cache and key table. After you modify the credentials cache with the kinit tool or modify the keytab with the ktab tool, the only way to verify the changes is to view the contents of the credentials cache or keytab using the klist tool.

What are the two ticket types used with Kerberos?

There are two main types of Kerberos tickets used in Active Directory: Ticket Granting Ticket (TGT) and service tickets. Service tickets are obtained from the Ticket Granting Service (TGS). The TGT is used to authenticate the identity of a particular entity in Active Directory, such as a user account.

What is a Forwardable Kerberos ticket?

Forwarding tickets allows you to “chain” your network transactions. You can, for example, remotely log in to one machine and then remotely log in from it to another machine. The -f option allows you to forward a ticket, while the -F option allows you to reforward a forwarded ticket.


1 Answers

Hi you can create a kerberos ticket within R with a keytab file and this command :

system("kinit [email protected] -k -t username.keytab")

To create the keytab you have to do this via shell :

ktutil
ktutil:  addent -password -p [email protected] -k 1 -e rc4-hmac
Password for [email protected]: [enter your password]
ktutil:  addent -password -p [email protected] -k 1 -e aes256-cts
Password for [email protected]: [enter your password]
ktutil:  wkt username.keytab
ktutil:  quit 

All the steps for creating a keytab are explained here

And the keytab file must be in your working directory.

like image 93
Victorp Avatar answered Sep 21 '22 17:09

Victorp