maprlogin Command Examples
Describes common scenarios associated with maprlogin
usage.
Generating and Displaying User Ticket
Generate a user ticket:
$ maprlogin password
[Password for user 'juser' at cluster 'my.cluster.com': ]
MapR credentials of user 'juser' for cluster 'my.cluster.com' are written to '/tmp/maprticket_1000'
$ maprlogin print
Opening keyfile /tmp/maprticket_1000
my.cluster.com:
user = juser, created = 'Sun Nov 24 18:59:43 PST 2013', expires = 'Sun
Dec 08 18:59:43 PST 2013', RenewalTill = 'Tue Dec 24 18:59:43 PST 2013',
uid = 1000, gids = 1000, 4, 24, 27, 30, 46, 109, 124
Generating and Displaying Service Ticket
Generate a service ticket, longlived_ticket, in /tmp for maprUser1:
$ maprlogin generateticket -type service -out /tmp/ticketwithduration -duration 30:0:0 -renewal 90:0:0 -user maprUser1
MapR credentials of user 'maprUser1' for cluster 'JSKCluster129_secure' are written to '/tmp/longlived_ticket'
Display the service ticket in a specified location:
$ maprlogin print -ticketfile /tmp/ticketwithduration
Opening keyfile /tmp/ticketwithduration
JSKCluster129_secure: user = maprUser1, created = 'Tue Jun 14 11:12:01 PDT 2016',
expires = 'Thu Jul 14 11:12:01 PDT 2016', RenewalTill = 'Mon Sep 12 11:12:01 PDT 2016',
uid = 0, gids = 0, CanImpersonate = false
Generating and Printing Service with Impersonation Ticket
Generate a service with impersonation ticket (in /var/tmp) for mapruser1:
$ maprlogin generateticket -type servicewithimpersonation -user mapruser1 -out /var/tmp/impersonationTicketMapRuser1
After generating the ticket, ensure that mapruser1 has read permissions on the ticket. If you move the ticketfile to a different location, set the $MAPR_TICKETFILE_LOCATION environment variable.
Display the service with impersonation ticket in the specified location:
$ maprlogin print -ticketfile /var/tmp/impersonationTcketMapruser1
Opening keyfile /var/tmp/impersonationTcketMapruser1
JSKCluster129_secure: user = mapruser1, created = 'Mon Apr 18 13:46:38 PDT 2016',
expires = 'Mon May 02 13:46:38 PDT 2016', RenewalTill = 'Wed May 18 13:46:38 PDT 2016',
uid = 501, gids = 502, CanImpersonate = true
Generating and Displaying Cross-cluster Ticket
Generate a cross-cluster ticket (in /tmp) for maprUser1:
$ maprlogin generateticket -type crosscluster -out /tmp/CrossClusterTicket -user maprUser1
MapR credentials of user 'maprUser1' for cluster 'JSKCluster128_secure' are written to '/tmp/CrossClusterTicket'
Display the contents of a cross-cluster ticket in the specified location:
$ maprlogin print -ticketfile /tmp/crossclusterTicket
Opening keyfile /tmp/crossclusterTicket
ClusterSecure: user = root, created = 'Fri May 27 14:29:40 PDT 2016',
expires = 'Fri May 27 14:29:40 PDT 12016', RenewalTill = 'Fri May 27 14:29:40 PDT 12016',
uid = 0, gids = 0, CanImpersonate = false
Running an Authentication Test
authtest
: This troubleshooting option simulates the behavior of the runtime
during authentication, going through the authentication flow.
Options: [ -cluster ] Specifies the name of the cluster.
Ending a Session Before the Ticket Expires
end
or logout
: Destroys tickets and logs out.
Options: [ -cluster ] Specifies the name of the cluster. By default, deletes all tickets for all clusters.
Renewing a Ticket Before It Expires
renew
: Renews an existing ticket for a specified time period.
Options: [ -cluster ] Specifies the name of the cluster. [ -duration ] Specifies the ticket duration.
The duration you specify must be valid for the ticket in question, given the original
-renewal
value for the ticket and the life of the ticket when the renew
command is run:
- You cannot renew a ticket that has already expired.
- You can renew the same ticket multiple times.
- The renewal period (or periods) cannot exceed the available time left for the ticket.
For example, assume that a ticket is created with a duration of 10 days and a renewal of 30 days:
maprlogin password -duration 10:0:0 -renewal 30:0:0
- On the 11th day, the ticket expires and cannot be renewed at all.
- On the 9th day, you can renew the ticket for any number of days up to a maximum of 21.
- On the 23rd day, you can renew the ticket for any number of days up to a maximum of 7.
Example: Renew a ticket and display the renewed ticket in the specified location:
$ maprlogin renew -out /tmp/RenewedsecureClusterTicket -ticketfile /tmp/secureClusterTicket -duration 1:0:0
$ maprlogin print -ticketfile /tmp/RenewedsecureClusterTicket
Opening keyfile /tmp/RenewedsecureClusterTicket
JSKCluster129_secure: user = root, created = 'Tue Jun 07 11:53:29 PDT 2016',
expires = 'Wed Jun 08 11:56:56 PDT 2016', RenewalTill = 'Thu Jul 07 11:53:29 PDT 2016',
uid = 0, gids = 0, CanImpersonate = false
Error Messages when Accessing Secure Clusters without a MapR User Ticket.
$ hadoop fs -ls
Bad connection to FS. command aborted. exception: failure to login: Unable to obtain MapR credentials
$ maprcli node list
ERROR (22) - You do not have a ticket to communicate with 192.168.57.87:7222. Retry after obtaining a new ticket using maprlogin