Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support kerberos keytab file #3283

Closed
kyungwan-nam opened this issue Mar 2, 2023 · 5 comments
Closed

Support kerberos keytab file #3283

kyungwan-nam opened this issue Mar 2, 2023 · 5 comments
Labels
kind/feature New feature or request

Comments

@kyungwan-nam
Copy link
Contributor

What would you like to be added:

It is not possible to authenticate with a Kerberos keytab file when I use a kerberized hdfs as object storage.
JuiceFS support authenticating with a credential cache file only.
It would be good if support a keytab file as well.

Why is this needed:

Authenticating with a credential cache file is tricky under CSI Driver.
juicedata/juicefs-csi-driver#572

Currently, we have to do like the below whenever mount a pod. because the ccache file will be expired at the end.

  • generate my ccache file by kinit
  • create a kubernetes secret with my ccache file.
@kyungwan-nam kyungwan-nam added the kind/feature New feature or request label Mar 2, 2023
@kyungwan-nam
Copy link
Contributor Author

I wrote the POC code, and It works well.
I can try to contribute if you are interested in this
thanks!

@tangyoupeng
Copy link
Contributor

Thanks, we are interested in this.

@tangyoupeng
Copy link
Contributor

@kyungwan-nam Hello, could you submit a pr for this issue. Some other users also encountered this problem.

@kyungwan-nam kyungwan-nam mentioned this issue Apr 24, 2023
Merged
@kyungwan-nam
Copy link
Contributor Author

@tangyoupeng
Sorry for the delay.
Users can set the environment variables KRB5KEYTAB, KRB5PRINCIPAL for keytab instead of KRB5CCNAME.

@zhijian-pro
Copy link
Contributor

done by #3517

This was referenced Jun 15, 2023
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tangyoupeng @kyungwan-nam @zhijian-pro