MapR 5.0 Documentation : Set Up Java Authentication and Authorization Service (JAAS)

Open source components in the MapR distribution for Hadoop use the Java Authentication and Authorization Service (JAAS) for security configuration.  The /opt/mapr/conf/mapr.login.conf file defines JAAS configurations. The MAPR_ECOSYSTEM_LOGIN_OPTS environment variable in the /opt/mapr/conf/ file specifies the JAAS configuration used by installed open source components. When security is enabled, the value of the MAPR_ECOSYSTEM_LOGIN_OPTS environment variable is modified to include the hybrid JVM option for hadoop.login. This is equivalent to setting the -Dhadoop.login=hybrid flag at the command line.This setting specifies a mixed security environment using Kerberos and internal MapR security technologies.

The mapr.login.conf file has two stanzas for hybrid security:

 * authenticate using hybrid of kerberos and MapR
 * maprticket must already exist on file system as MapR login module
 * cannot get kerberos identity from subject for implicit login.

hadoop_hybrid { optional
      doNotPrompt=true; required
      checkUGI=false; required; required;
hadoop_hybrid_keytab { optional
      storeKey=true; required
      useServerKey=true; required; required;