maprlogin Command Examples

Generating and Displaying User Ticket

Generate a user ticket:

$ maprlogin password
[Password for user 'juser' at cluster 'my.cluster.com': ] 
MapR credentials of user 'juser' for cluster 'my.cluster.com' 
are written to '/tmp/maprticket_1000'

$ maprlogin print
Opening keyfile /tmp/maprticket_1000
my.cluster.com: user = juser, 
created = 'Mon Sep 17 08:30:26 PDT 2018', expires = 'Mon Oct 01 08:30:26 PDT 2018', 
RenewalTill = 'Wed Oct 17 08:30:26 PDT 2018', uid = 20001, gids = 54261, 
CanImpersonate = false 

Generating and Displaying mapr User Ticket

Generate a ticket for the mapr user:

# su mapr
$ maprlogin password
[Password for user 'mapr' at cluster 'test.cluster.com': ] 
MapR credentials of user 'mapr' for cluster 'test.cluster.com' 
are written to '/tmp/maprticket_5000'

$ maprlogin print
Opening keyfile /tmp/maprticket_5000
test.cluster.com: user = mapr, created = 'Mon Sep 17 09:18:19 PDT 2018', 
expires = 'Mon Oct 01 09:18:19 PDT 2018', RenewalTill = 'Wed Oct 17 09:18:19 PDT 2018', 
uid = 5000, gids = 5000, 0, 5001, CanImpersonate = true

Generating and Displaying Service Ticket

Generate a service ticket, longlived_ticket, in /tmp for maprUser1:

$ maprlogin generateticket -type service -out /tmp/longlived_ticket 
-duration 30:0:0 -renewal 90:0:0 -user maprUser1
MapR credentials of user 'maprUser1' for cluster 'JSKCluster129_secure' 
are written to '/tmp/longlived_ticket'

Display the service ticket in a specified location:

$ maprlogin print -ticketfile /tmp/ticketwithduration
Opening keyfile /tmp/ticketwithduration
JSKCluster129_secure: user = maprUser1, 
created = 'Tue Jun 14 11:12:01 PDT 2017', expires = 'Thu Jul 14 11:12:01 PDT 2017', 
RenewalTill = 'Mon Sep 12 11:12:01 PDT 2017', 
uid = 0, gids = 0, CanImpersonate = false

Generating and Printing Service with Impersonation Ticket

Generate a service with impersonation ticket (in /var/tmp) for maprUser1:

$ maprlogin generateticket -type servicewithimpersonation -user maprUser1 
-out /var/tmp/impersonationTicketMapRuser1

After generating the ticket, ensure that maprUser1 has read permissions on the ticket. If you move the ticketfile to a different location, set the $MAPR_TICKETFILE_LOCATION environment variable.

Display the service with impersonation ticket in the specified location:

$ maprlogin print -ticketfile /var/tmp/impersonationTicketMaprUser1
Opening keyfile /var/tmp/impersonationTicketMaprUser1
JSKCluster129_secure: user = maprUser1, 
created = 'Mon Apr 18 13:46:38 PDT 2017', expires = 'Mon May 02 13:46:38 PDT 2017', 
RenewalTill = 'Wed May 18 13:46:38 PDT 2017', 
uid = 501, gids = 502, CanImpersonate = true

$ maprlogin generateticket -type servicewithimpersonation -user mapruser1 -out /var/tmp/impersonation_ticket -duration 30:0:0 -impersonateduids 1002,1003 -impersonatedgids 1005,1006 -renewal 90:0:0

Generating a Tenant Ticket that is Valid for Specific IPs

Generate a tenant ticket (in /tmp) for user test that is valid for specific IPs:

$ maprlogin generateticket -type tenant -out /tmp/ticketip -ips 10.9.0.1,10.9.0.2 -user test
MapR credentials of user 'test' for cluster 'my.cluster.com' are written to '/tmp/ticketip'  

Display the generated tenant ticket:

$ maprlogin print -ticketfile /tmp/ticketip
Opening keyfile /tmp/ticketip
my.cluster.com: user = test, created = 'Tue Aug 25 00:34:14 PDT 2020', expires = 'Tue Aug 25 00:34:14 
PDT 12020', RenewalTill = 'Tue Aug 25 00:34:14 PDT 12020', uid = 5001, gids = 7001, 
CanImpersonate = true, isExternal = true, ips = 10.9.0.1,10.9.0.2,, IsTenant = true

Generating and Displaying Cross-Cluster Ticket

Generate a cross-cluster ticket (in /tmp) for maprUser1:

$ maprlogin generateticket -type crosscluster -out /tmp/crossclusterTicket -user maprUser1
MapR credentials of user 'maprUser1' for cluster 'JSKCluster128_secure' 
are written to '/tmp/crossclusterTicket'

Display the contents of a cross-cluster ticket in the specified location:

$ maprlogin print -ticketfile /tmp/crossclusterTicket
Opening keyfile /tmp/crossclusterTicket
ClusterSecure: user = root, 
created = 'Fri May 27 14:29:40 PDT 2017', expires = 'Fri May 27 14:29:40 PDT 12017', 
RenewalTill = 'Fri May 27 14:29:40 PDT 12017', 
uid = 0, gids = 0, CanImpersonate = false

Running an Authentication Test

authtest: This troubleshooting option simulates the behavior of the runtime during authentication, going through the authentication flow.

Options: [ -cluster ] Specifies the name of the cluster.

Ending a Session Before the Ticket Expires

end or logout: Destroys tickets and logs out.

Options: [ -cluster ] Specifies the name of the cluster. By default, deletes all tickets for all clusters.

Renewing a Ticket Before It Expires

renew: Renews an existing ticket for a specified time period.

The duration you specify must be valid for the ticket in question, given the original -renewal value for the ticket and the life of the ticket when the renew command is run:

• You cannot renew a ticket that has already expired.
• You can renew the same ticket multiple times.
• The renewal period (or periods) cannot exceed the available time left for the ticket.

For example, assume that a ticket is created with a duration of 10 days and a renewal of 30 days:

maprlogin password -duration 10:0:0 -renewal 30:0:0

• On the 11th day, the ticket expires and cannot be renewed at all.
• On the 9th day, you can renew the ticket for any number of days up to a maximum of 21.
• On the 23rd day, you can renew the ticket for any number of days up to a maximum of 7.

Example: Renew a ticket and display the renewed ticket in the specified location:

$ maprlogin renew -out /tmp/RenewedsecureClusterTicket 
-ticketfile /tmp/secureClusterTicket -duration 1:0:0

$ maprlogin print -ticketfile /tmp/RenewedsecureClusterTicket
Opening keyfile /tmp/RenewedsecureClusterTicket
JSKCluster129_secure: user = root, 
created = 'Tue Jun 07 11:53:29 PDT 2017', 
expires = 'Wed Jun 08 11:56:56 PDT 2017', 
RenewalTill = 'Thu Jul 07 11:53:29 PDT 2017', 
uid = 0, gids = 0, CanImpersonate = false