Search code examples

How to initialize a keytab in docker?

I have a krb5.conf file. I created a keytab and checked it as expalined here.

In docker file I added all of it to the container

FROM java:8

ADD krb5.conf /etc/krb5.conf
ADD evkuzmin.keytab /etc/evkuzmin.keytab
ADD scripts/ /opt/scripts/

ADD report.jar report.jar
RUN sh -c 'touch report.jar'
ENTRYPOINT ["java","","","-jar","/report.jar","/opt/scripts/"]

And tried to initialize it in

kinit EvKuzmin@REALM -k -t /etc/evkuzmin.keytab

But every time I try to access the secured cluster, I get Unauthorized error. And when I check my keytab with

klist -k evkuzmin.keytab

I get evkuzmin.keytab not found.


I use Oracle virtual box and docker quickstrat terminal to test everything localy. Keytab was generated on the server and copied into the project on local machine.


I checked files in the image using

docker run -it --entrypoint sh <image-name>

they are present.


  • There is no need to initialize it. I managed to run it. You can find how I did it here.


    Also, I found this snippet

    CMD kinit -kt $HOME/$USER.keytab $USER && ${PROJECT_DIR}/oozie/${PROJECT_NAME}/

    which is supposed to initialize the keytab from dockerfile. Didn't test it, so don't know how it'll work with spring. This will start a oozie coordinator with kerberos credentials.