I have a krb5.conf file. I created a keytab and checked it as expalined here.
In docker file I added all of it to the container
FROM java:8
ADD krb5.conf /etc/krb5.conf
ADD evkuzmin.keytab /etc/evkuzmin.keytab
ADD scripts/ /opt/scripts/
ADD report.jar report.jar
RUN sh -c 'touch report.jar'
ENTRYPOINT ["java","-Dspring.data.mongodb.uri=mongodb://audpro_mongo/report","-Djava.security.egd=file:/dev/./urandom","-jar","/report.jar","/opt/scripts/init-keytab.sh"]
And tried to initialize it in init-keytab.sh
#!/bin/bash
kinit EvKuzmin@REALM -k -t /etc/evkuzmin.keytab
But every time I try to access the secured cluster, I get Unauthorized error. And when I check my keytab with
klist -k evkuzmin.keytab
I get evkuzmin.keytab not found.
Why?
I use Oracle virtual box and docker quickstrat terminal to test everything localy. Keytab was generated on the server and copied into the project on local machine.
EDIT
I checked files in the image using
docker run -it --entrypoint sh <image-name>
they are present.
There is no need to initialize it. I managed to run it. You can find how I did it here.
EDIT
Also, I found this snippet
CMD kinit -kt $HOME/$USER.keytab $USER && ${PROJECT_DIR}/oozie/${PROJECT_NAME}/start.sh
which is supposed to initialize the keytab from dockerfile. Didn't test it, so don't know how it'll work with spring. This will start a oozie coordinator with kerberos credentials.