HADOOP-6853. Common component of HDFS-1045.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@961911 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
038d399389
commit
86e833858c
@ -16,6 +16,8 @@ Trunk (unreleased changes)
|
||||
HADOOP-6584. Provide Kerberized SSL encryption for webservices.
|
||||
(jghoman and Kan Zhang via jghoman)
|
||||
|
||||
HADOOP-6853. Common component of HDFS-1045. (jghoman)
|
||||
|
||||
IMPROVEMENTS
|
||||
|
||||
HADOOP-6644. util.Shell getGROUPS_FOR_USER_COMMAND method name
|
||||
|
@ -50,7 +50,6 @@
|
||||
import org.apache.hadoop.classification.InterfaceAudience;
|
||||
import org.apache.hadoop.classification.InterfaceStability;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
|
||||
import org.apache.hadoop.security.token.Token;
|
||||
import org.apache.hadoop.security.token.TokenIdentifier;
|
||||
|
||||
@ -486,6 +485,45 @@ public synchronized void reloginFromKeytab()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Log a user in from a keytab file. Loads a user identity from a keytab
|
||||
* file and login them in. This new user does not affect the currently
|
||||
* logged-in user.
|
||||
* @param user the principal name to load from the keytab
|
||||
* @param path the path to the keytab file
|
||||
* @throws IOException if the keytab file can't be read
|
||||
*/
|
||||
public synchronized
|
||||
static UserGroupInformation loginUserFromKeytabAndReturnUGI(String user,
|
||||
String path
|
||||
) throws IOException {
|
||||
if (!isSecurityEnabled())
|
||||
return UserGroupInformation.getCurrentUser();
|
||||
String oldKeytabFile = null;
|
||||
String oldKeytabPrincipal = null;
|
||||
|
||||
try {
|
||||
oldKeytabFile = keytabFile;
|
||||
oldKeytabPrincipal = keytabPrincipal;
|
||||
keytabFile = path;
|
||||
keytabPrincipal = user;
|
||||
Subject subject = new Subject();
|
||||
LoginContext login =
|
||||
new LoginContext(HadoopConfiguration.KEYTAB_KERBEROS_CONFIG_NAME, subject);
|
||||
|
||||
login.login();
|
||||
UserGroupInformation newLoginUser = new UserGroupInformation(subject);
|
||||
newLoginUser.setLogin(login);
|
||||
|
||||
return newLoginUser;
|
||||
} catch (LoginException le) {
|
||||
throw new IOException("Login failure for " + user + " from keytab " +
|
||||
path, le);
|
||||
} finally {
|
||||
if(oldKeytabFile != null) keytabFile = oldKeytabFile;
|
||||
if(oldKeytabPrincipal != null) keytabPrincipal = oldKeytabPrincipal;
|
||||
}
|
||||
}
|
||||
|
||||
public synchronized static boolean isLoginKeytabBased() {
|
||||
return keytabFile != null;
|
||||
|
Loading…
Reference in New Issue
Block a user