@Override public boolean saslEnabled() { return getSiteConfiguration().getBoolean(Property.INSTANCE_RPC_SASL_ENABLED); }
public boolean doInit(SiteConfiguration siteConfig, Opts opts, Configuration conf, VolumeManager fs) throws IOException { if (!checkInit(conf, fs, siteConfig, conf)) { return false; } // prompt user for instance name and root password early, in case they // abort, we don't leave an inconsistent HDFS/ZooKeeper structure String instanceNamePath; try { instanceNamePath = getInstanceNamePath(opts); } catch (Exception e) { log.error("FATAL: Failed to talk to zookeeper", e); return false; } String rootUser; try { rootUser = getRootUserName(siteConfig, opts); } catch (Exception e) { log.error("FATAL: Failed to obtain user for administrative privileges"); return false; } // Don't prompt for a password when we're running SASL(Kerberos) if (siteConfig.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) { opts.rootpass = UUID.randomUUID().toString().getBytes(UTF_8); } else { opts.rootpass = getRootPassword(siteConfig, opts, rootUser); } return initialize(siteConfig, conf, opts, instanceNamePath, fs, rootUser); }
private String getRootUserName(SiteConfiguration siteConfig, Opts opts) throws IOException { final String keytab = siteConfig.get(Property.GENERAL_KERBEROS_KEYTAB); if (keytab.equals(Property.GENERAL_KERBEROS_KEYTAB.getDefaultValue()) || !siteConfig.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) { return DEFAULT_ROOT_USER; } ConsoleReader c = getConsoleReader(); c.println("Running against secured HDFS"); if (opts.rootUser != null) { return opts.rootUser; } do { String user = c.readLine("Principal (user) to grant administrative privileges to : "); if (user == null) { // should not happen System.exit(1); } if (!user.isEmpty()) { return user; } } while (true); }
public static SystemCredentials get(String instanceID, SiteConfiguration siteConfig) { String principal = SYSTEM_PRINCIPAL; if (siteConfig.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) { // Use the server's kerberos principal as the Accumulo principal. We could also unwrap the // principal server-side, but the principal for SystemCredentials // isn't actually used anywhere, so it really doesn't matter. We can't include the kerberos // principal in the SystemToken as it would break equality when // different Accumulo servers are using different kerberos principals are their accumulo // principal principal = SecurityUtil .getServerPrincipal(siteConfig.get(Property.GENERAL_KERBEROS_PRINCIPAL)); } return new SystemCredentials(instanceID, principal, SystemToken.get(instanceID, siteConfig)); }
if (siteConf.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) { final UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
Configuration hadoopConf = new Configuration(); if (siteConf.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) { SecurityUtil.serverLogin(siteConf);
if (siteConf.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) { final UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
EasyMock.expect(siteConfig.getBoolean(EasyMock.anyObject(Property.class))) .andAnswer(new IAnswer<Boolean>() { @Override