From 52007208ba2e3b0161a446427cbeed85b9611676 Mon Sep 17 00:00:00 2001
From: Todd Lipcon <todd@apache.org>
Date: Wed, 7 Mar 2012 18:42:46 +0000
Subject: [PATCH] HADOOP-8141. Add method to SecurityUtil to init krb5 cipher
 suites. Contributed by Todd Lipcon.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.23@1298035 13f79535-47bb-0310-9956-ffa450edef68
---
 hadoop-common-project/hadoop-common/CHANGES.txt            | 3 +++
 .../hadoop/security/Krb5AndCertsSslSocketConnector.java    | 2 +-
 .../main/java/org/apache/hadoop/security/SecurityUtil.java | 7 +++++++
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index 31c65b58370..243735926a5 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -71,6 +71,9 @@ Release 0.23.3 - UNRELEASED
     HADOOP-8142. Update versions from 0.23.2 to 0.23.3 in the build files.
     (szetszwo)
 
+    HADOOP-8141. Add method to SecurityUtil to init krb5 cipher suites.
+    (todd)
+
   OPTIMIZATIONS
 
   BUG FIXES
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Krb5AndCertsSslSocketConnector.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Krb5AndCertsSslSocketConnector.java
index c8be9fd7118..625cad52d35 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Krb5AndCertsSslSocketConnector.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Krb5AndCertsSslSocketConnector.java
@@ -58,7 +58,7 @@ public class Krb5AndCertsSslSocketConnector extends SslSocketConnector {
     Collections.unmodifiableList(Collections.singletonList(
           "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"));
   static {
-    System.setProperty("https.cipherSuites", KRB5_CIPHER_SUITES.get(0));
+    SecurityUtil.initKrb5CipherSuites();
   }
   
   private static final Log LOG = LogFactory
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
index 26858874649..31895624f00 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
@@ -598,4 +598,11 @@ void setSearchDomains(String ... domains) {
       searchDomains = Arrays.asList(domains);
     }
   }  
+
+  public static void initKrb5CipherSuites() {
+    if (UserGroupInformation.isSecurityEnabled()) {
+      System.setProperty("https.cipherSuites",
+          Krb5AndCertsSslSocketConnector.KRB5_CIPHER_SUITES.get(0));
+    }
+  }
 }