Generating a HPE Ezmeral Data Fabric User Ticket

Describes what a user ticket is, and how to generate a user ticket.

A user ticket file is stored in /tmp and can only be read by that user. To generate a HPE Ezmeral Data Fabric user ticket, run the following command:

maprlogin password

This command prompts for the user's password, then generates a HPE Ezmeral Data Fabric user ticket associated with the UNIX user ID. By default, tickets on Linux systems are generated in the /tmp directory and are named in the form maprticket_<UID> . Tickets on Windows systems are generated in the %TEMP%/ directory and are named in the form maprticket_<username> . To change the default location, change the value of the MAPR_TICKETFILE_LOCATION environment variable.

NOTE
The mapr user can impersonate any user, including user root.
NOTE
There are no notifications to indicate that a ticket is about to expire. Use the maprlogin print command, with the ticket file, to see when the ticket expires. You can renew the ticket until the renewal date mentioned.

To illustrate a typical work flow, suppose a user wants to access two clusters, cluster1 and cluster2. During this session, a user logs in as root to cluster1, gets a HPE Ezmeral Data Fabric user ticket, and displays the ticket contents with the maprlogin print command.

root@qa-node113:~/SecurityInstall# maprlogin password
[Password for user 'root' at cluster 'cluster1': ]
MapR credentials of user 'root' for cluster 'cluster1' are written to '/tmp/maprticket_0'
root@qa-node113:~/SecurityInstall#

First Ticket for Cluster 1

root@qa-node113:~/SecurityInstall# maprlogin print
Opening keyfile /tmp/maprticket_0
qasecurity1: user = root, created = 'Wed Sep 11 14:19:02 PDT 2013', expires = 'Wed Sep 25 14:19:02 PDT 2013', RenewalTill = 'Fri Oct 11 14:19:02 PDT 2013', uid = 0, gids = 0, 42
root@qa-node113:~/SecurityInstall#

Now the root user logs in to cluster2. The maprlogin command returns a ticket for cluster2. This ticket is stored in the common ticket file. Commands now have access to both tickets.

root@qa-node113:/opt/mapr/conf# maprlogin password -cluster cluster2
[Password for user 'root' at cluster 'cluster2': ] 
MapR credentials of user 'root' for cluster 'cluster2' are written to '/tmp/maprticket_0'

Showing Tickets for both Clusters

root@qa-node113:/opt/mapr/conf# maprlogin print 
Opening keyfile /tmp/maprticket_0
qasecurity1: user = root, created = 'Thu Sep 12 11:07:54 PDT 2013', expires = 'Thu Sep 26 11:07:54 PDT 2013', RenewalTill = 'Sat Oct 12 11:07:54 PDT 2013', uid = 0, gids = 0, 42
qasecurity2: user = root, created = 'Thu Sep 12 15:20:49 PDT 2013', expires = 'Thu Sep 26 15:20:49 PDT 2013', RenewalTill = 'Sat Oct 12 15:20:49 PDT 2013', uid = 0, gids = 0, 500
root@qa-node113:/opt/mapr/conf#