public KerberosNameShim(String name) { kerberosName = new KerberosName(name); }
"Failed to specify server's Kerberos principal name"); KerberosName name = new KerberosName(confPrincipal); if (name.getHostName() == null) { throw new IllegalArgumentException(
/** * Verify whether auth_to_local rules transform a principal name * <p> * Having a local user name "bar@foo.com" may be harmless, so it is noted at * info. However if what was intended is a transformation to "bar" * it can be difficult to debug, hence this check. */ protected void validateShortName() { failif(principal == null, CAT_KERBEROS, "No principal defined"); try { KerberosName kn = new KerberosName(principal); String result = kn.getShortName(); if (nonSimplePattern.matcher(result).find()) { warn(CAT_KERBEROS, principal + " short name: " + result + " still contains @ or /"); } } catch (IOException e) { throw new KerberosDiagsFailure(CAT_KERBEROS, e, "Failed to get short name for " + principal, e); } catch (IllegalArgumentException e) { error(CAT_KERBEROS, "KerberosName(" + principal + ") failed: %s\n%s", e, StringUtils.stringifyException(e)); } }
} else { String clientPrincipal = gssContext.getSrcName().toString(); KerberosName kerberosName = new KerberosName(clientPrincipal); String userName = kerberosName.getShortName(); token = new AuthenticationToken(userName, clientPrincipal, getType());
/** * Expected user name should be a short name. */ public static void checkUsername(final String expected, final String name ) throws IOException { if (expected == null && name != null) { throw new IOException("Usernames not matched: expecting null but name=" + name); } if (name == null) { //name is optional, null is okay return; } KerberosName u = new KerberosName(name); String shortName = u.getShortName(); if (!shortName.equals(expected)) { throw new IOException("Usernames not matched: name=" + shortName + " != expected=" + expected); } }
krbName = new KerberosName(serverPrincipal); clientConf.setProperty( org.apache.accumulo.core.client.ClientConfiguration.ClientProperty.KERBEROS_SERVER_PRIMARY,
public KerberosNameShim(String name) { kerberosName = new KerberosName(name); }
public KerberosNameShim(String name) { kerberosName = new KerberosName(name); }
public KerberosNameShim(String name) { kerberosName = new KerberosName(name); }
public KerberosNameShim(String name) { kerberosName = new KerberosName(name); }
/** * Returns a {@link KerberosName} from the given {@link KerberosPrincipalId} if the given kerberos principal id * is valid. Refer to * <a href="https://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-user/What-is-a-Kerberos-Principal_003f.html"> * Kerberos Principal</a> for details. * * @param principalId The {@link KerberosPrincipalId} from which {@link KerberosName} needs to be created * @return {@link KerberosName} for the given {@link KerberosPrincipalId} * @throws IllegalArgumentException if failed to create a {@link KerberosName} from the given * {@link KerberosPrincipalId} */ public static KerberosName getKerberosName(KerberosPrincipalId principalId) { return new KerberosName(principalId.getPrincipal()); }
/** * @param principal The principal whose KeytabURI is being looked up * @param cConf To lookup the configured path for the keytabs * @return The location of the keytab * @throws IOException If the principal is not a valid kerberos principal */ static String getKeytabURIforPrincipal(String principal, CConfiguration cConf) throws IOException { String confPath = cConf.getRaw(Constants.Security.KEYTAB_PATH); Preconditions.checkNotNull(confPath, String.format("Failed to get a valid keytab path. " + "Please ensure that you have specified %s in cdap-site.xml", Constants.Security.KEYTAB_PATH)); String name = new KerberosName(principal).getShortName(); return confPath.replace(Constants.USER_NAME_SPECIFIER, name); }
@Inject @VisibleForTesting public DefaultImpersonator(CConfiguration cConf, UGIProvider ugiProvider) { this.ugiProvider = ugiProvider; this.kerberosEnabled = SecurityUtil.isKerberosEnabled(cConf); // on kerberos disabled cluster the master principal will be null String masterPrincipal = SecurityUtil.getMasterPrincipal(cConf); try { masterShortUsername = masterPrincipal == null ? null : new KerberosName(masterPrincipal).getShortName(); } catch (IOException e) { Throwables.propagate(e); } }
private void checkBadName(String name) { System.out.println("Checking " + name + " to ensure it is bad."); try { new KerberosName(name); Assert.fail("didn't get exception for " + name); } catch (IllegalArgumentException iae) { // PASS } }
private void checkBadName(String name) { System.out.println("Checking " + name + " to ensure it is bad."); try { new KerberosName(name); Assert.fail("didn't get exception for " + name); } catch (IllegalArgumentException iae) { // PASS } }
private void checkBadName(String name) { System.out.println("Checking " + name + " to ensure it is bad."); try { new KerberosName(name); Assert.fail("didn't get exception for " + name); } catch (IllegalArgumentException iae) { // PASS } }
private void checkTranslation(String from, String to) throws Exception { System.out.println("Translate " + from); KerberosName nm = new KerberosName(from); String simple = nm.getShortName(); System.out.println("to " + simple); Assert.assertEquals("short name incorrect", to, simple); }
private void checkTranslation(String from, String to) throws Exception { System.out.println("Translate " + from); KerberosName nm = new KerberosName(from); String simple = nm.getShortName(); System.out.println("to " + simple); Assert.assertEquals("short name incorrect", to, simple); }
private void checkTranslation(String from, String to) throws Exception { System.out.println("Translate " + from); KerberosName nm = new KerberosName(from); String simple = nm.getShortName(); System.out.println("to " + simple); Assert.assertEquals("short name incorrect", to, simple); }
private void checkBadTranslation(String from) { System.out.println("Checking bad translation for " + from); KerberosName nm = new KerberosName(from); try { nm.getShortName(); Assert.fail("didn't get exception for " + from); } catch (IOException ie) { // PASS } }