How to initialize a keytab in docker?

Evgenii · Sep 1, 2017 · Viewed 9k times

I have a krb5.conf file. I created a keytab and checked it as explained here.

In the Dockerfile I added all of it to the container:

FROM java:8

ADD krb5.conf /etc/krb5.conf
ADD evkuzmin.keytab /etc/evkuzmin.keytab
ADD scripts/ /opt/scripts/

ADD report.jar report.jar
RUN sh -c 'touch report.jar'
ENTRYPOINT ["java","-Dspring.data.mongodb.uri=mongodb://audpro_mongo/report","-Djava.security.egd=file:/dev/./urandom","-jar","/report.jar","/opt/scripts/init-keytab.sh"]

And tried to initialize it in init-keytab.sh

#!/bin/bash
kinit EvKuzmin@REALM -k -t /etc/evkuzmin.keytab

But every time I try to access the secured cluster, I get an Unauthorized error. And when I check my keytab with

klist -k evkuzmin.keytab

I get evkuzmin.keytab not found.

Why?

I use Oracle VirtualBox and the Docker Quickstart Terminal to test everything locally. The keytab was generated on the server and copied into the project on the local machine.

EDIT

I checked files in the image using

docker run -it --entrypoint sh <image-name>

they are present.

Answer

Evgenii · Sep 5, 2017

There is no need to initialize it. I managed to run it. You can find how I did it here.

EDIT

Also, I found this snippet

CMD kinit -kt $HOME/$USER.keytab $USER && ${PROJECT_DIR}/oozie/${PROJECT_NAME}/start.sh

which is supposed to initialize the keytab from the Dockerfile. Didn't test it, so don't know how it'll work with Spring. This will start an Oozie coordinator with Kerberos credentials.
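
An added example (not part of the original question or answer): a hypothetical entrypoint wrapper that validates the keytab, runs kinit, and then execs the application, so the ticket exists before the JVM starts. In the question's exec-form ENTRYPOINT every element after "java" is an argument to java, so /opt/scripts/init-keytab.sh is handed to the application as a program argument rather than executed. The script name entrypoint.sh, the KEYTAB/PRINCIPAL variables and the owner-only permission policy are assumptions; the path and principal are the ones from the question, and kinit is assumed to be installed in the image.

```shell
#!/bin/sh
# Added example: entrypoint wrapper, wired up in the Dockerfile as e.g.
#   ENTRYPOINT ["/opt/scripts/entrypoint.sh", "java", "-jar", "/report.jar"]
# Assumptions: the script name, the KEYTAB/PRINCIPAL variables and the
# owner-only permission policy are hypothetical; kinit must exist in the image.
KEYTAB=${KEYTAB:-/etc/evkuzmin.keytab}    # path from the question
PRINCIPAL=${PRINCIPAL:-EvKuzmin@REALM}    # principal from the question

# check_keytab PATH
# Returns 0 = usable, 2 = relative path, 3 = missing/unreadable/empty,
# 4 = accessible to group or others.
check_keytab() {
    kt=$1
    # Relative paths resolve against the working directory, which inside a
    # container is rarely where the keytab was copied.
    case $kt in
        /*) ;;
        *) echo "keytab path must be absolute: $kt" >&2; return 2 ;;
    esac
    if [ ! -r "$kt" ] || [ ! -s "$kt" ]; then
        echo "keytab missing, unreadable or empty: $kt" >&2
        return 3
    fi
    # A keytab holds long-term keys, so treat it like a password file.
    # Characters 5-10 of `ls -l` output are the group and other permission bits.
    perms=$(ls -ld "$kt" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "keytab is accessible to group/others ($perms): $kt" >&2
        return 4
    fi
    return 0
}

# Only act when given a command to start, so sourcing this file is harmless.
if [ "$#" -gt 0 ]; then
    check_keytab "$KEYTAB" || exit $?
    # Obtain the ticket first; refuse to start the application without one.
    kinit -k -t "$KEYTAB" "$PRINCIPAL" || {
        echo "kinit failed for $PRINCIPAL" >&2
        exit 1
    }
    # exec replaces the shell, so the application receives signals directly.
    exec "$@"
fi
```

With this wrapper the keytab needs `chmod 600` (and a matching owner) in the image or mounted volume, otherwise the container exits with status 4 before kinit is attempted.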