HADOOP-6853. Common component of HDFS-1045.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@961911 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Jakob Homan 2010-07-08 20:02:29 +00:00
parent 038d399389
commit 86e833858c
2 changed files with 41 additions and 1 deletions

View File

@ -16,6 +16,8 @@ Trunk (unreleased changes)
HADOOP-6584. Provide Kerberized SSL encryption for webservices.
(jghoman and Kan Zhang via jghoman)
HADOOP-6853. Common component of HDFS-1045. (jghoman)
IMPROVEMENTS
HADOOP-6644. util.Shell getGROUPS_FOR_USER_COMMAND method name

View File

@ -50,7 +50,6 @@
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
@ -486,6 +485,45 @@ public synchronized void reloginFromKeytab()
}
}
/**
* Log a user in from a keytab file. Loads a user identity from a keytab
* file and login them in. This new user does not affect the currently
* logged-in user.
* @param user the principal name to load from the keytab
* @param path the path to the keytab file
* @throws IOException if the keytab file can't be read
*/
public synchronized
static UserGroupInformation loginUserFromKeytabAndReturnUGI(String user,
String path
) throws IOException {
if (!isSecurityEnabled())
return UserGroupInformation.getCurrentUser();
String oldKeytabFile = null;
String oldKeytabPrincipal = null;
try {
oldKeytabFile = keytabFile;
oldKeytabPrincipal = keytabPrincipal;
keytabFile = path;
keytabPrincipal = user;
Subject subject = new Subject();
LoginContext login =
new LoginContext(HadoopConfiguration.KEYTAB_KERBEROS_CONFIG_NAME, subject);
login.login();
UserGroupInformation newLoginUser = new UserGroupInformation(subject);
newLoginUser.setLogin(login);
return newLoginUser;
} catch (LoginException le) {
throw new IOException("Login failure for " + user + " from keytab " +
path, le);
} finally {
if(oldKeytabFile != null) keytabFile = oldKeytabFile;
if(oldKeytabPrincipal != null) keytabPrincipal = oldKeytabPrincipal;
}
}
public synchronized static boolean isLoginKeytabBased() {
return keytabFile != null;