HADOOP-6947. Kerberos relogin should set refreshKrb5Config to true. Contributed by Todd Lipcon.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1027654 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Thomas White 2010-10-26 17:04:51 +00:00
parent 3d27eaad25
commit da234df25d
3 changed files with 61 additions and 0 deletions

View File

@ -272,6 +272,9 @@ Trunk (unreleased changes)
HADOOP-6933. TestListFiles is flaky. (Todd Lipcon via tomwhite) HADOOP-6933. TestListFiles is flaky. (Todd Lipcon via tomwhite)
HADOOP-6947. Kerberos relogin should set refreshKrb5Config to true.
(Todd Lipcon via tomwhite)
Release 0.21.1 - Unreleased Release 0.21.1 - Unreleased
IMPROVEMENTS IMPROVEMENTS

View File

@ -378,6 +378,7 @@ public class UserGroupInformation {
KEYTAB_KERBEROS_OPTIONS.put("doNotPrompt", "true"); KEYTAB_KERBEROS_OPTIONS.put("doNotPrompt", "true");
KEYTAB_KERBEROS_OPTIONS.put("useKeyTab", "true"); KEYTAB_KERBEROS_OPTIONS.put("useKeyTab", "true");
KEYTAB_KERBEROS_OPTIONS.put("storeKey", "true"); KEYTAB_KERBEROS_OPTIONS.put("storeKey", "true");
KEYTAB_KERBEROS_OPTIONS.put("refreshKrb5Config", "true");
} }
private static final AppConfigurationEntry KEYTAB_KERBEROS_LOGIN = private static final AppConfigurationEntry KEYTAB_KERBEROS_LOGIN =
new AppConfigurationEntry(Krb5LoginModule.class.getName(), new AppConfigurationEntry(Krb5LoginModule.class.getName(),

View File

@ -0,0 +1,57 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.security;
import org.apache.hadoop.security.UserGroupInformation;
import static org.junit.Assert.assertTrue;
/**
* Regression test for HADOOP-6947 which can be run manually in
* a kerberos environment.
*
* To run this test, set up two keytabs, each with a different principal.
* Then run something like:
* <code>
* HADOOP_CLASSPATH=build/test/classes bin/hadoop \
* org.apache.hadoop.security.ManualTestKeytabLogins \
* usera/test@REALM /path/to/usera-keytab \
* userb/test@REALM /path/to/userb-keytab
* </code>
*/
public class ManualTestKeytabLogins {
public static void main(String []args) throws Exception {
if (args.length != 4) {
System.err.println(
"usage: ManualTestKeytabLogins <principal 1> <keytab 1> <principal 2> <keytab 2>");
System.exit(1);
}
UserGroupInformation ugi1 =
UserGroupInformation.loginUserFromKeytabAndReturnUGI(
args[0], args[1]);
System.out.println("UGI 1 = " + ugi1);
assertTrue(ugi1.getUserName().equals(args[0]));
UserGroupInformation ugi2 =
UserGroupInformation.loginUserFromKeytabAndReturnUGI(
args[2], args[3]);
System.out.println("UGI 2 = " + ugi2);
assertTrue(ugi2.getUserName().equals(args[2]));
}
}