principal = expandPrincipal(principal);
public static void loginForMasterService(CConfiguration cConf) throws IOException, LoginException { String principal = getMasterPrincipal(cConf); String keytabPath = getMasterKeytabURI(cConf); if (UserGroupInformation.isSecurityEnabled()) { Path keytabFile = Paths.get(keytabPath); Preconditions.checkArgument(Files.isReadable(keytabFile), "Keytab file is not a readable file: %s", keytabFile); String expandedPrincipal = expandPrincipal(principal); LOG.info("Logging in as: principal={}, keytab={}", principal, keytabPath); UserGroupInformation.loginUserFromKeytab(expandedPrincipal, keytabPath); long delaySec = cConf.getLong(Constants.Security.KERBEROS_KEYTAB_RELOGIN_INTERVAL); Executors.newSingleThreadScheduledExecutor(Threads.createDaemonThreadFactory("Kerberos keytab renewal")) .scheduleWithFixedDelay(new Runnable() { @Override public void run() { try { UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab(); } catch (IOException e) { LOG.error("Failed to relogin from keytab", e); } } }, delaySec, delaySec, TimeUnit.SECONDS); } }
@Test public void testExpandPrincipal() throws Exception { String localHostname = InetAddress.getLocalHost().getCanonicalHostName(); Assert.assertNull(SecurityUtil.expandPrincipal(null)); Assert.assertEquals("user/" + localHostname + "@REALM.NET", SecurityUtil.expandPrincipal("user/_HOST@REALM.NET")); Assert.assertEquals("user/abc.com@REALM.NET", SecurityUtil.expandPrincipal("user/abc.com@REALM.NET")); Assert.assertEquals("_HOST/abc.com@REALM.NET", SecurityUtil.expandPrincipal("_HOST/abc.com@REALM.NET")); Assert.assertEquals("_HOST/" + localHostname + "@REALM.NET", SecurityUtil.expandPrincipal("_HOST/_HOST@REALM.NET")); Assert.assertEquals("user/_host@REALM.NET", SecurityUtil.expandPrincipal("user/_host@REALM.NET")); }
new File(keytabURI.getPath()) : localizeKeytab(locationFactory.create(keytabURI)); try { String expandedPrincipal = SecurityUtil.expandPrincipal(impersonationRequest.getPrincipal()); LOG.debug("Logging in as: principal={}, keytab={}", expandedPrincipal, localKeytabFile);