From 0aeed92a75f2c1e6ee5092bb32b969abec04ead6 Mon Sep 17 00:00:00 2001 From: Todd Lipcon Date: Wed, 7 Mar 2012 18:42:53 +0000 Subject: [PATCH] HADOOP-8141. Add method to SecurityUtil to init krb5 cipher suites. Contributed by Todd Lipcon. git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1298036 13f79535-47bb-0310-9956-ffa450edef68 --- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../hadoop/security/Krb5AndCertsSslSocketConnector.java | 2 +- .../main/java/org/apache/hadoop/security/SecurityUtil.java | 7 +++++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 48052775fc..7d983da8dc 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -113,6 +113,9 @@ Trunk (unreleased changes) HADOOP-7888. TestFailoverProxy fails intermittently on trunk. (Jason Lowe via atm) + HADOOP-8141. Add method to SecurityUtil to init krb5 cipher suites. + (todd) + OPTIMIZATIONS HADOOP-7761. Improve the performance of raw comparisons. (todd) diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Krb5AndCertsSslSocketConnector.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Krb5AndCertsSslSocketConnector.java index c8be9fd711..625cad52d3 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Krb5AndCertsSslSocketConnector.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Krb5AndCertsSslSocketConnector.java @@ -58,7 +58,7 @@ public class Krb5AndCertsSslSocketConnector extends SslSocketConnector { Collections.unmodifiableList(Collections.singletonList( "TLS_KRB5_WITH_3DES_EDE_CBC_SHA")); static { - System.setProperty("https.cipherSuites", KRB5_CIPHER_SUITES.get(0)); + SecurityUtil.initKrb5CipherSuites(); } private static final Log LOG = LogFactory diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java index 43132d263a..13ea2e971a 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java @@ -620,4 +620,11 @@ void setSearchDomains(String ... domains) { searchDomains = Arrays.asList(domains); } } + + public static void initKrb5CipherSuites() { + if (UserGroupInformation.isSecurityEnabled()) { + System.setProperty("https.cipherSuites", + Krb5AndCertsSslSocketConnector.KRB5_CIPHER_SUITES.get(0)); + } + } }