diff --git a/CHANGES.txt b/CHANGES.txt
index 1ec9c0626f..bb5c19cdee 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -43,6 +43,11 @@ Trunk (unreleased changes)
 
     HADOOP-6464. Write a Rackspace cloud provider. (tomwhite)
 
+    HADOOP-6520. Adds APIs to read/write Token and secret keys. Also
+    adds the automatic loading of tokens into UserGroupInformation
+    upon login. The tokens are read from a file specified in the
+    environment variable. (ddas)
+
   IMPROVEMENTS
 
     HADOOP-6283. Improve the exception messages thrown by
diff --git a/src/java/org/apache/hadoop/security/UserGroupInformation.java b/src/java/org/apache/hadoop/security/UserGroupInformation.java
index db53b53e20..b3eab89c59 100644
--- a/src/java/org/apache/hadoop/security/UserGroupInformation.java
+++ b/src/java/org/apache/hadoop/security/UserGroupInformation.java
@@ -34,7 +34,6 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
-import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -132,6 +131,10 @@ public boolean logout() throws LoginException {
   /** Server-side groups fetching service */
   private static Groups groups;
   
+  /**Environment variable pointing to the token cache file*/
+  public static final String HADOOP_TOKEN_FILE_LOCATION = 
+    "HADOOP_TOKEN_FILE_LOCATION";
+  
   /** 
    * A method to initialize the fields that depend on a configuration.
    * Must be called before useKerberos or groups is used.
@@ -317,6 +320,10 @@ static UserGroupInformation getLoginUser() throws IOException {
         }
         login.login();
         loginUser = new UserGroupInformation(login.getSubject());
+        String tokenFile = System.getenv(HADOOP_TOKEN_FILE_LOCATION);
+        if (tokenFile != null && isSecurityEnabled()) {
+          TokenStorage.readTokensAndLoadInUGI(tokenFile, new Configuration(), loginUser);
+        }
       } catch (LoginException le) {
         throw new IOException("failure to login", le);
       }