Generating a Service Ticket
Applications may have service processes that run outside the MapR cluster but need to access the cluster to run MapR commands. For security reasons, you decide not to run these services as a mapr user. Instead, you can use the maprlogin utility to generate a "service ticket" that can be used to access the cluster for the user account that runs the service. The maprlogin utility uses the current user's ticket (the user running the maprlogin command) to send an authenticated request for a newly generated service ticket.
This type of ticket has a specified duration (expiration), a renewal period (maximum
lifetime), and a designated location where the ticket is safely stored. The
service process that uses the ticket can access it based on the definition of the
MAPR_TICKETFILE_LOCATION
environment variable. This
variable points to the location of the ticket and should be set for the service
process after it starts. Short duration and renewal values may be used for
security reasons, but much longer lifetimes are supported for ease of
administration.
For example:
# maprlogin generateticket -type service -out /tmp/longlived_ticket -duration 30:0:0 -renewal 90:0:0 -user mapr
MapR credentials of user 'mapr' for cluster 'xxxx' are written to '/tmp/longlived_ticket'
/tmp/longlived_ticket
. The ticket may be renewed at any
time before the 30 days pass, extending its lifetime to a maximum of 90 days. The
ticket must be renewed explicitly before its expiration date; it does not renew
automatically after it expires.