Generating a MapR User Ticket

A user ticket file is stored in /tmp and can only be read by that user. To generate a MapR user ticket, run the following command:

maprlogin password

This command prompts for the user's password, then generates a mapr user ticket associated with the UNIX user ID. By default, tickets on Linux systems are generated in the /tmp directory and are named in the form maprticket_<UID> . Tickets on Windows systems are generated in the %TEMP%/ directory and are named in the form maprticket_<username> . To change the default location, change the value of the MAPR_TICKETFILE_LOCATION environment variable.

Note: The mapr user can impersonate any user, including user root.

To illustrate a typical work flow, suppose a user wants to access two clusters, cluster1 and cluster2. During this session, a user logs in as root to cluster1, gets a MapR user ticket, and displays the ticket contents with the maprlogin print command.

root@qa-node113:~/SecurityInstall# maprlogin password
[Password for user 'root' at cluster 'cluster1': ]
MapR credentials of user 'root' for cluster 'cluster1' are written to '/tmp/maprticket_0'
root@qa-node113:~/SecurityInstall#

First Ticket for Cluster 1

root@qa-node113:~/SecurityInstall# maprlogin print
Opening keyfile /tmp/maprticket_0
qasecurity1: user = root, created = 'Wed Sep 11 14:19:02 PDT 2013', expires = 'Wed Sep 25 14:19:02 PDT 2013', RenewalTill = 'Fri Oct 11 14:19:02 PDT 2013', uid = 0, gids = 0, 42
root@qa-node113:~/SecurityInstall#

Now the root user logs in to cluster2. The maprlogin command returns a ticket for cluster2. This ticket is stored in the common ticket file. Commands now have access to both tickets.

root@qa-node113:/opt/mapr/conf# maprlogin password -cluster cluster2
[Password for user 'root' at cluster 'cluster2': ] 
MapR credentials of user 'root' for cluster 'cluster2' are written to '/tmp/maprticket_0'

Showing Tickets for both Clusters

root@qa-node113:/opt/mapr/conf# maprlogin print 
Opening keyfile /tmp/maprticket_0
qasecurity1: user = root, created = 'Thu Sep 12 11:07:54 PDT 2013', expires = 'Thu Sep 26 11:07:54 PDT 2013', RenewalTill = 'Sat Oct 12 11:07:54 PDT 2013', uid = 0, gids = 0, 42
qasecurity2: user = root, created = 'Thu Sep 12 15:20:49 PDT 2013', expires = 'Thu Sep 26 15:20:49 PDT 2013', RenewalTill = 'Sat Oct 12 15:20:49 PDT 2013', uid = 0, gids = 0, 500
root@qa-node113:/opt/mapr/conf#