HADOOP-8463. hadoop.security.auth_to_local needs a key definition and doc. Contributed by Madhukara Phatak

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1356513 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Eli Collins 2012-07-02 22:46:55 +00:00
parent 22822df7c3
commit 161ed29087
10 changed files with 28 additions and 9 deletions

View File

@ -231,6 +231,9 @@ Branch-2 ( Unreleased changes )
HADOOP-3450. Add tests to Local Directory Allocator for HADOOP-3450. Add tests to Local Directory Allocator for
asserting their URI-returning capability (Sho Shimauchi via harsh) asserting their URI-returning capability (Sho Shimauchi via harsh)
HADOOP-8463. hadoop.security.auth_to_local needs a key definition and doc.
(Madhukara Phatak via eli)
BUG FIXES BUG FIXES
HADOOP-8372. NetUtils.normalizeHostName() incorrectly handles hostname HADOOP-8372. NetUtils.normalizeHostName() incorrectly handles hostname

View File

@ -235,5 +235,9 @@ public class CommonConfigurationKeysPublic {
/** See <a href="{@docRoot}/../core-default.html">core-default.xml</a> */ /** See <a href="{@docRoot}/../core-default.html">core-default.xml</a> */
public static final String HADOOP_SECURITY_SERVICE_USER_NAME_KEY = public static final String HADOOP_SECURITY_SERVICE_USER_NAME_KEY =
"hadoop.security.service.user.name.key"; "hadoop.security.service.user.name.key";
/** See <a href="{@docRoot}/../core-default.html">core-default.xml</a> */
public static final String HADOOP_SECURITY_AUTH_TO_LOCAL =
"hadoop.security.auth_to_local";
} }

View File

@ -25,7 +25,7 @@ import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.authentication.util.KerberosName; import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hadoop.security.authentication.util.KerberosUtil; import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
/** /**
* This class implements parsing and handling of Kerberos principal names. In * This class implements parsing and handling of Kerberos principal names. In
* particular, it splits them apart and translates them down into local * particular, it splits them apart and translates them down into local
@ -63,7 +63,7 @@ public class HadoopKerberosName extends KerberosName {
* @throws IOException * @throws IOException
*/ */
public static void setConfiguration(Configuration conf) throws IOException { public static void setConfiguration(Configuration conf) throws IOException {
String ruleString = conf.get("hadoop.security.auth_to_local", "DEFAULT"); String ruleString = conf.get(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL, "DEFAULT");
setRules(ruleString); setRules(ruleString);
} }

View File

@ -250,6 +250,12 @@
</description> </description>
</property> </property>
<property>
<name>hadoop.security.auth_to_local</name>
<value></value>
<description>Maps kerberos principals to local user names</description>
</property>
<!-- i/o properties --> <!-- i/o properties -->
<property> <property>
<name>io.file.buffer.size</name> <name>io.file.buffer.size</name>

View File

@ -44,6 +44,7 @@ import org.apache.hadoop.ipc.TestSaslRPC.TestTokenSecretManager;
import org.apache.hadoop.ipc.TestSaslRPC.TestTokenIdentifier; import org.apache.hadoop.ipc.TestSaslRPC.TestTokenIdentifier;
import org.apache.hadoop.ipc.TestSaslRPC.TestTokenSelector; import org.apache.hadoop.ipc.TestSaslRPC.TestTokenSelector;
import org.apache.commons.logging.*; import org.apache.commons.logging.*;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
/** /**
* *
@ -66,7 +67,7 @@ public class TestDoAsEffectiveUser {
static { static {
masterConf.set("hadoop.security.auth_to_local", masterConf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL,
"RULE:[2:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" + "RULE:[2:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" +
"RULE:[1:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" "RULE:[1:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//"
+ "DEFAULT"); + "DEFAULT");

View File

@ -40,6 +40,7 @@ import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier; import org.apache.hadoop.security.token.TokenIdentifier;
import static org.apache.hadoop.test.MetricsAsserts.*; import static org.apache.hadoop.test.MetricsAsserts.*;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
public class TestUserGroupInformation { public class TestUserGroupInformation {
final private static String USER_NAME = "user1@HADOOP.APACHE.ORG"; final private static String USER_NAME = "user1@HADOOP.APACHE.ORG";
@ -68,7 +69,7 @@ public class TestUserGroupInformation {
@BeforeClass @BeforeClass
public static void setup() { public static void setup() {
Configuration conf = new Configuration(); Configuration conf = new Configuration();
conf.set("hadoop.security.auth_to_local", conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL,
"RULE:[2:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" + "RULE:[2:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" +
"RULE:[1:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" "RULE:[1:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//"
+ "DEFAULT"); + "DEFAULT");

View File

@ -46,6 +46,7 @@ import org.apache.hadoop.hdfs.server.common.Util;
import org.apache.hadoop.hdfs.server.namenode.NNStorage.NameNodeDirType; import org.apache.hadoop.hdfs.server.namenode.NNStorage.NameNodeDirType;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
/** /**
* OfflineEditsViewerHelper is a helper class for TestOfflineEditsViewer, * OfflineEditsViewerHelper is a helper class for TestOfflineEditsViewer,
@ -106,7 +107,7 @@ public class OfflineEditsViewerHelper {
// blocksize for concat (file size must be multiple of blocksize) // blocksize for concat (file size must be multiple of blocksize)
config.setLong(DFSConfigKeys.DFS_BLOCK_SIZE_KEY, blockSize); config.setLong(DFSConfigKeys.DFS_BLOCK_SIZE_KEY, blockSize);
// for security to work (fake JobTracker user) // for security to work (fake JobTracker user)
config.set("hadoop.security.auth_to_local", config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL,
"RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT"); "RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT");
config.setBoolean( config.setBoolean(
DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true); DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);

View File

@ -56,6 +56,7 @@ import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import com.google.common.base.Joiner; import com.google.common.base.Joiner;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
/** /**
* Test case for client support of delegation tokens in an HA cluster. * Test case for client support of delegation tokens in an HA cluster.
@ -76,7 +77,7 @@ public class TestDelegationTokensWithHA {
public static void setupCluster() throws Exception { public static void setupCluster() throws Exception {
conf.setBoolean( conf.setBoolean(
DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true); DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
conf.set("hadoop.security.auth_to_local", conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL,
"RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT"); "RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT");
cluster = new MiniDFSCluster.Builder(conf) cluster = new MiniDFSCluster.Builder(conf)

View File

@ -50,6 +50,8 @@ import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.protocol.HdfsConstants.SafeModeAction; import org.apache.hadoop.hdfs.protocol.HdfsConstants.SafeModeAction;
import org.apache.hadoop.hdfs.server.namenode.FSImageTestUtil; import org.apache.hadoop.hdfs.server.namenode.FSImageTestUtil;
import org.apache.hadoop.hdfs.HdfsConfiguration; import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
/** /**
* Test function of OfflineImageViewer by: * Test function of OfflineImageViewer by:
@ -96,7 +98,7 @@ public class TestOfflineImageViewer {
conf.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY, 10000); conf.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY, 10000);
conf.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY, 5000); conf.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY, 5000);
conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true); conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
conf.set("hadoop.security.auth_to_local", conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL,
"RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT"); "RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT");
cluster = new MiniDFSCluster.Builder(conf).numDataNodes(4).build(); cluster = new MiniDFSCluster.Builder(conf).numDataNodes(4).build();
cluster.waitActive(); cluster.waitActive();

View File

@ -74,7 +74,7 @@ import org.junit.Test;
import org.mockito.Mockito; import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock; import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer; import org.mockito.stubbing.Answer;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
public class TestTokenCache { public class TestTokenCache {
private static final int NUM_OF_KEYS = 10; private static final int NUM_OF_KEYS = 10;
@ -158,7 +158,7 @@ public class TestTokenCache {
public static void setUp() throws Exception { public static void setUp() throws Exception {
Configuration conf = new Configuration(); Configuration conf = new Configuration();
conf.set("hadoop.security.auth_to_local", "RULE:[2:$1]"); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL, "RULE:[2:$1]");
dfsCluster = new MiniDFSCluster(conf, numSlaves, true, null); dfsCluster = new MiniDFSCluster(conf, numSlaves, true, null);
jConf = new JobConf(conf); jConf = new JobConf(conf);
mrCluster = new MiniMRCluster(0, 0, numSlaves, mrCluster = new MiniMRCluster(0, 0, numSlaves,