How to Authenticate Kerberos Principals Using Java

To authenticate Kerberos principals in custom applications using Java, import the UserGroupInformation class from the Hadoop security library into your application and use it to pass principals and keytabs to the Kerberos service. This basic example shows hard-coded passing of principal cloudera and a cloudera.keytab file:
// Authenticating Kerberos principal
System.out.println("Principal Authentication: ");
final String user = "cloudera@CLOUDERA.COM";
final String keyPath = "cloudera.keytab";
UserGroupInformation.loginUserFromKeytab(user, keyPath);

The UserGroupInformation class ( has methods to handle tokens, proxy users, and many other tasks required for your Java application to work with Kerberos. See the Apache API documentation for details.