HADOOP-6947. Kerberos relogin should set refreshKrb5Config to true. Contributed by Todd Lipcon.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1027654 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
3d27eaad25
commit
da234df25d
|
@ -272,6 +272,9 @@ Trunk (unreleased changes)
|
||||||
|
|
||||||
HADOOP-6933. TestListFiles is flaky. (Todd Lipcon via tomwhite)
|
HADOOP-6933. TestListFiles is flaky. (Todd Lipcon via tomwhite)
|
||||||
|
|
||||||
|
HADOOP-6947. Kerberos relogin should set refreshKrb5Config to true.
|
||||||
|
(Todd Lipcon via tomwhite)
|
||||||
|
|
||||||
Release 0.21.1 - Unreleased
|
Release 0.21.1 - Unreleased
|
||||||
|
|
||||||
IMPROVEMENTS
|
IMPROVEMENTS
|
||||||
|
|
|
@ -378,6 +378,7 @@ public class UserGroupInformation {
|
||||||
KEYTAB_KERBEROS_OPTIONS.put("doNotPrompt", "true");
|
KEYTAB_KERBEROS_OPTIONS.put("doNotPrompt", "true");
|
||||||
KEYTAB_KERBEROS_OPTIONS.put("useKeyTab", "true");
|
KEYTAB_KERBEROS_OPTIONS.put("useKeyTab", "true");
|
||||||
KEYTAB_KERBEROS_OPTIONS.put("storeKey", "true");
|
KEYTAB_KERBEROS_OPTIONS.put("storeKey", "true");
|
||||||
|
KEYTAB_KERBEROS_OPTIONS.put("refreshKrb5Config", "true");
|
||||||
}
|
}
|
||||||
private static final AppConfigurationEntry KEYTAB_KERBEROS_LOGIN =
|
private static final AppConfigurationEntry KEYTAB_KERBEROS_LOGIN =
|
||||||
new AppConfigurationEntry(Krb5LoginModule.class.getName(),
|
new AppConfigurationEntry(Krb5LoginModule.class.getName(),
|
||||||
|
|
|
@ -0,0 +1,57 @@
|
||||||
|
/**
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
* or more contributor license agreements. See the NOTICE file
|
||||||
|
* distributed with this work for additional information
|
||||||
|
* regarding copyright ownership. The ASF licenses this file
|
||||||
|
* to you under the Apache License, Version 2.0 (the
|
||||||
|
* "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.apache.hadoop.security;
|
||||||
|
|
||||||
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
|
import static org.junit.Assert.assertTrue;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Regression test for HADOOP-6947 which can be run manually in
|
||||||
|
* a kerberos environment.
|
||||||
|
*
|
||||||
|
* To run this test, set up two keytabs, each with a different principal.
|
||||||
|
* Then run something like:
|
||||||
|
* <code>
|
||||||
|
* HADOOP_CLASSPATH=build/test/classes bin/hadoop \
|
||||||
|
* org.apache.hadoop.security.ManualTestKeytabLogins \
|
||||||
|
* usera/test@REALM /path/to/usera-keytab \
|
||||||
|
* userb/test@REALM /path/to/userb-keytab
|
||||||
|
* </code>
|
||||||
|
*/
|
||||||
|
public class ManualTestKeytabLogins {
|
||||||
|
|
||||||
|
public static void main(String []args) throws Exception {
|
||||||
|
if (args.length != 4) {
|
||||||
|
System.err.println(
|
||||||
|
"usage: ManualTestKeytabLogins <principal 1> <keytab 1> <principal 2> <keytab 2>");
|
||||||
|
System.exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
UserGroupInformation ugi1 =
|
||||||
|
UserGroupInformation.loginUserFromKeytabAndReturnUGI(
|
||||||
|
args[0], args[1]);
|
||||||
|
System.out.println("UGI 1 = " + ugi1);
|
||||||
|
assertTrue(ugi1.getUserName().equals(args[0]));
|
||||||
|
|
||||||
|
UserGroupInformation ugi2 =
|
||||||
|
UserGroupInformation.loginUserFromKeytabAndReturnUGI(
|
||||||
|
args[2], args[3]);
|
||||||
|
System.out.println("UGI 2 = " + ugi2);
|
||||||
|
assertTrue(ugi2.getUserName().equals(args[2]));
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue