public boolean authenticateUser(TCredentials credentials, TCredentials toAuth) throws ThriftSecurityException { canAskAboutUser(credentials, toAuth.getPrincipal()); // User is already authenticated from canAskAboutUser if (credentials.equals(toAuth)) return true; try { Credentials toCreds = Credentials.fromThrift(toAuth); if (isKerberos) { // If we have kerberos credentials for a user from the network but no account // in the system, we need to make one before proceeding if (!authenticator.userExists(toCreds.getPrincipal())) { createUser(credentials, toCreds, Authorizations.EMPTY); } // Likely that the KerberosAuthenticator will fail as we don't have the credentials for the // other user, // we only have our own Kerberos credentials. } return authenticator.authenticateUser(toCreds.getPrincipal(), toCreds.getToken()); } catch (AccumuloSecurityException e) { throw e.asThriftException(); } }
SecurityErrorCode.INVALID_INSTANCEID); Credentials creds = Credentials.fromThrift(credentials);