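/**
 * Logs the user in from the configured keytab file, then refreshes and distributes the
 * delegation token.
 *
 * <p>The keytab path is read from {@code GobblinYarnConfigurationKeys.KEYTAB_FILE_PATH} and the
 * principal from {@code GobblinYarnConfigurationKeys.KEYTAB_PRINCIPAL_NAME}. After a successful
 * login, {@code this.loginUser} is replaced, a new delegation token is obtained and written to
 * the token file, and, on every login except the first, the controller and the participants are
 * told that the token file changed.
 *
 * @throws IOException if the keytab path is not configured, does not exist, or is not a readable
 *     regular file, or if one of the login or token calls below throws it
 */
private void loginFromKeytab() throws IOException {
  String keyTabFilePath = this.config.getString(GobblinYarnConfigurationKeys.KEYTAB_FILE_PATH);
  if (Strings.isNullOrEmpty(keyTabFilePath)) {
    throw new IOException("Keytab file path is not defined for Kerberos login");
  }

  File keyTabFile = new File(keyTabFilePath);
  if (!keyTabFile.exists()) {
    throw new IOException("Keytab file not found at: " + keyTabFilePath);
  }
  // exists() is also true for a directory; reject anything that cannot be read as a keytab here
  // so the failure names the path instead of surfacing later from the Kerberos login.
  // NOTE(review): ownership and permission bits of the keytab are not verified here; the file
  // holds the principal's long-term keys, so confirm the deployment restricts who can read it.
  if (!keyTabFile.isFile() || !keyTabFile.canRead()) {
    throw new IOException("Keytab path is not a readable regular file: " + keyTabFilePath);
  }

  String principal = this.config.getString(GobblinYarnConfigurationKeys.KEYTAB_PRINCIPAL_NAME);
  if (Strings.isNullOrEmpty(principal)) {
    // NOTE(review): the fallback hard-codes host "localhost" and realm "LOCALHOST"; it looks
    // like a development default. Confirm it is never relied on in a real deployment.
    principal = this.loginUser.getShortUserName() + "/localhost@LOCALHOST";
  }

  // setConfiguration is a static call, so the Kerberos setting applies to UserGroupInformation
  // as a whole and not only to this object. The Configuration is freshly constructed, so only
  // the authentication method is set explicitly here.
  Configuration conf = new Configuration();
  conf.set("hadoop.security.authentication",
      UserGroupInformation.AuthenticationMethod.KERBEROS.toString().toLowerCase());
  UserGroupInformation.setConfiguration(conf);
  UserGroupInformation.loginUserFromKeytab(principal, keyTabFilePath);

  // Only the keytab location and the principal name are logged, never key material.
  LOGGER.info(String.format("Logged in from keytab file %s using principal %s", keyTabFilePath, principal));

  this.loginUser = UserGroupInformation.getLoginUser();

  getNewDelegationTokenForLoginUser();
  writeDelegationTokenToFile();

  if (!this.firstLogin) {
    // Send a message to the controller and all the participants
    sendTokenFileUpdatedMessage(InstanceType.CONTROLLER);
    sendTokenFileUpdatedMessage(InstanceType.PARTICIPANT);
  }
}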
/**
 * Checks whether the supplied login user already authenticates with the named method.
 *
 * <p>Per the original note, this lets the caller avoid creating a new Configuration object,
 * which would lose other settings such as the cluster to which the JVM is connected. Required
 * for Oozie, which does not have a core-site.xml (see HIVE-7682).
 *
 * @param ugi the login user whose authentication method is inspected
 * @param sAuthMethod name of the authentication method; upper-cased with {@code Locale.ENGLISH}
 *     before it is matched against the {@code AuthenticationMethod} constants
 * @return {@code true} if {@code ugi} reports the same authentication method
 * @throws IllegalArgumentException if {@code sAuthMethod} does not name an
 *     {@code AuthenticationMethod} constant
 */
private boolean loginUserHasCurrentAuthMethod(UserGroupInformation ugi, String sAuthMethod) {
  final String constantName = sAuthMethod.toUpperCase(Locale.ENGLISH);
  final AuthenticationMethod expected;
  try {
    // based on SecurityUtil.getAuthenticationMethod()
    expected = AuthenticationMethod.valueOf(constantName);
  } catch (IllegalArgumentException iae) {
    // Re-throw with the configuration key and the offending value, keeping the cause.
    throw new IllegalArgumentException("Invalid attribute value for " +
        HADOOP_SECURITY_AUTHENTICATION + " of " + sAuthMethod, iae);
  }

  LOG.debug("Current authMethod = " + ugi.getAuthenticationMethod());
  return ugi.getAuthenticationMethod().equals(expected);
}
if (ugi.getRealAuthenticationMethod().getAuthMethod() != AuthMethod.KERBEROS) { LOG.debug("client isn't using kerberos");
.equals(AuthenticationMethod.SIMPLE)) { println(HADOOP_AUTHENTICATION_IS_DISABLED); failif(securityRequired, CAT_CONFIG, HADOOP_AUTHENTICATION_IS_DISABLED);
.equals(AuthenticationMethod.SIMPLE)) { println(HADOOP_AUTHENTICATION_IS_DISABLED); failif(securityRequired, CAT_CONFIG, HADOOP_AUTHENTICATION_IS_DISABLED);
if (ugi.getRealAuthenticationMethod().getAuthMethod() != AuthMethod.KERBEROS) { return null; // client isn't using kerberos
if (ugi.getRealAuthenticationMethod().getAuthMethod() != AuthMethod.KERBEROS) { return null; // client isn't using kerberos
newLoginContext(authenticationMethod.getLoginAppName(), subject, new HadoopConfiguration()); login.login();
if (ugi.getRealAuthenticationMethod().getAuthMethod() != AuthMethod.KERBEROS) { return null; // client isn't using kerberos
newLoginContext(authenticationMethod.getLoginAppName(), subject, new HadoopConfiguration()); login.login();
newLoginContext(authenticationMethod.getLoginAppName(), subject, new HadoopConfiguration()); login.login();
newLoginContext(authenticationMethod.getLoginAppName(), subject, new HadoopConfiguration()); login.login();
if (ugi.getRealAuthenticationMethod().getAuthMethod() != AuthMethod.KERBEROS) { return null; // client isn't using kerberos
UserGroupInformation.AuthenticationMethod.KERBEROS.name());
UserGroupInformation.AuthenticationMethod.KERBEROS.name());
// Build a SecurityConfiguration, set its Hadoop authentication key to Kerberos, and hand it to
// UserGroupInformation. setConfiguration is called on the class (a static call), so the setting
// is not scoped to this object.
// NOTE(review): what SecurityConfiguration preloads is not visible here; confirm it carries the
// cluster settings the rest of the process expects.
final Configuration conf = new SecurityConfiguration();
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
    UserGroupInformation.AuthenticationMethod.KERBEROS.toString());
UserGroupInformation.setConfiguration(conf);
conf, count, KEYTAB_FILE_KEY, USER_NAME_KEY); } else { String auth = SecurityUtil.getAuthenticationMethod(conf).toString(); System.out.println( "Running MiniRPCBenchmark with " + auth + " authentication.");
@Override public String getDelegationToken(final String owner, final String renewer) throws IOException, InterruptedException { if (!authenticationMethod.get().equals(AuthenticationMethod.KERBEROS)) { throw new AuthorizationException( "Delegation Token can be issued only with kerberos authentication. " +
UserGroupInformation.AuthenticationMethod.KERBEROS.toString());
conf, count, KEYTAB_FILE_KEY, USER_NAME_KEY); } else { String auth = SecurityUtil.getAuthenticationMethod(conf).toString(); System.out.println( "Running MiniRPCBenchmark with " + auth + " authentication.");