git clone git@github.com:jeffreythewang/kerberos-docker.git
cd kerberos-docker
git checkout presto-setup
make install
git clone git@github.com:jeffreythewang/docker-presto.git
cd docker-presto
git checkout krb-setup
docker build . -t jeffreyw/presto:latest
./start-presto.sh
# connect Presto to the network on which the kerberos topology is running
docker network connect --ip 10.5.0.5 example.com my-presto
# copy important keytabs generated from kdc to respective machines
docker cp krb5-kdc-server:/etc/jeffreyw.keytab /tmp
docker cp krb5-kdc-server:/etc/presto-service.keytab /tmp
docker cp /tmp/jeffreyw.keytab krb5-machine:/etc/krb5.keytab
docker cp /tmp/presto-service.keytab my-presto:/etc/krb5.keytab
# copy Java keystore file
docker cp my-presto:/etc/presto_keystore.jks /tmp
docker cp /tmp/presto_keystore.jks krb5-machine:/etc/presto_keystore.jks
docker exec -it krb5-machine /bin/bash
# in the krb5-machine container
cd /root/jdbc-presto
# compile
javac KerberosPresto.java
# run
java -cp .:presto-jdbc-0.196.jar KerberosPresto
To authenticate with Kerberos delegation via a Python client, the follow library changes need to be made:
# requests-kerberos
https://github.com/jeffreythewang/requests-kerberos/tree/delegate-state
# flask-kerberos
https://github.com/jeffreythewang/flask-kerberos/tree/delegate-context
Set up the Flask app
docker exec -it krb5-service /bin/bash
cd /root/python
python flask-example.py
Connect with a client
docker exec -it krb5-machine /bin/bash
cd /root/python
python kerberos_connect.py
docker exec -it krb5-kdc-server /bin/bash
# in the kdc container
tail -f /var/log/kerberos/krb5lib.log
# on your machine
docker logs -f my-presto