jeffreythewang/krb5-presto.md

## krb5-presto.md

      
    Raw
  

              krb5-presto.md
            
          
    Kerberos Setup

git clone git@github.com:jeffreythewang/kerberos-docker.git
cd kerberos-docker
git checkout presto-setup
make install

Presto Setup

git clone git@github.com:jeffreythewang/docker-presto.git
cd docker-presto
git checkout krb-setup
docker build . -t jeffreyw/presto:latest
./start-presto.sh

# connect Presto to the network on which the kerberos topology is running
docker network connect --ip 10.5.0.5 example.com my-presto

Keytab/Keystore Setup

# copy important keytabs generated from kdc to respective machines
docker cp krb5-kdc-server:/etc/jeffreyw.keytab /tmp
docker cp krb5-kdc-server:/etc/presto-service.keytab /tmp
docker cp /tmp/jeffreyw.keytab krb5-machine:/etc/krb5.keytab
docker cp /tmp/presto-service.keytab my-presto:/etc/krb5.keytab

# copy Java keystore file
docker cp my-presto:/etc/presto_keystore.jks /tmp
docker cp /tmp/presto_keystore.jks krb5-machine:/etc/presto_keystore.jks

Java Client

docker exec -it krb5-machine /bin/bash
# in the krb5-machine container
cd /root/jdbc-presto

# compile
javac KerberosPresto.java
# run
java -cp .:presto-jdbc-0.196.jar KerberosPresto

Python Client

To authenticate with Kerberos delegation via a Python client, the follow library changes need to be made:
# requests-kerberos
https://github.com/jeffreythewang/requests-kerberos/tree/delegate-state

# flask-kerberos
https://github.com/jeffreythewang/flask-kerberos/tree/delegate-context

Set up the Flask app
docker exec -it krb5-service /bin/bash
cd /root/python
python flask-example.py

Connect with a client
docker exec -it krb5-machine /bin/bash
cd /root/python
python kerberos_connect.py

Logging

KDC

docker exec -it krb5-kdc-server /bin/bash
# in the kdc container
tail -f /var/log/kerberos/krb5lib.log

Presto

# on your machine
docker logs -f my-presto