big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HADOOP-6853. Common component of HDFS-1045.

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@961911 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Jakob Homan 2010-07-08 20:02:29 +00:00
parent 038d399389
commit 86e833858c
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES.txt
View File

@ -16,6 +16,8 @@ Trunk (unreleased changes)
HADOOP-6584. Provide Kerberized SSL encryption for webservices. HADOOP-6584. Provide Kerberized SSL encryption for webservices.
(jghoman and Kan Zhang via jghoman) (jghoman and Kan Zhang via jghoman)
HADOOP-6853. Common component of HDFS-1045. (jghoman)
IMPROVEMENTS IMPROVEMENTS
HADOOP-6644. util.Shell getGROUPS_FOR_USER_COMMAND method name HADOOP-6644. util.Shell getGROUPS_FOR_USER_COMMAND method name

40
src/java/org/apache/hadoop/security/UserGroupInformation.java
View File

@ -50,7 +50,6 @@
import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier; import org.apache.hadoop.security.token.TokenIdentifier;
@ -486,6 +485,45 @@ public synchronized void reloginFromKeytab()
} }
} }
/**
* Log a user in from a keytab file. Loads a user identity from a keytab
* file and login them in. This new user does not affect the currently
* logged-in user.
* @param user the principal name to load from the keytab
* @param path the path to the keytab file
* @throws IOException if the keytab file can't be read
*/
public synchronized
static UserGroupInformation loginUserFromKeytabAndReturnUGI(String user,
String path
) throws IOException {
if (!isSecurityEnabled())
return UserGroupInformation.getCurrentUser();
String oldKeytabFile = null;
String oldKeytabPrincipal = null;
try {
oldKeytabFile = keytabFile;
oldKeytabPrincipal = keytabPrincipal;
keytabFile = path;
keytabPrincipal = user;
Subject subject = new Subject();
LoginContext login =
new LoginContext(HadoopConfiguration.KEYTAB_KERBEROS_CONFIG_NAME, subject);
login.login();
UserGroupInformation newLoginUser = new UserGroupInformation(subject);
newLoginUser.setLogin(login);
return newLoginUser;
} catch (LoginException le) {
throw new IOException("Login failure for " + user + " from keytab " +
path, le);
} finally {
if(oldKeytabFile != null) keytabFile = oldKeytabFile;
if(oldKeytabPrincipal != null) keytabPrincipal = oldKeytabPrincipal;
}
}
public synchronized static boolean isLoginKeytabBased() { public synchronized static boolean isLoginKeytabBased() {
return keytabFile != null; return keytabFile != null;