/** * Login with given keytab and principal. This can be used for both SPN(Service Principal Name) * and UPN(User Principal Name) which format should be clientname@REALM. * @param fileConfKey config name for client keytab * @param principalConfKey config name for client principal * @throws IOException underlying exception from UserGroupInformation.loginUserFromKeytab */ public void login(String fileConfKey, String principalConfKey) throws IOException { User.login(getConf().get(fileConfKey), getConf().get(principalConfKey)); } }
/** * Log in the current process using the given configuration keys for the credential file and login * principal. It is for SPN(Service Principal Name) login. SPN should be this format, * servicename/fully.qualified.domain.name@REALM. * <p> * <strong>This is only applicable when running on secure Hadoop</strong> -- see * org.apache.hadoop.security.SecurityUtil#login(Configuration,String,String,String). On regular * Hadoop (without security features), this will safely be ignored. * </p> * @param fileConfKey Property key used to configure path to the credential file * @param principalConfKey Property key used to configure login principal * @param localhost Current hostname to use in any credentials * @throws IOException underlying exception from SecurityUtil.login() call */ public void login(String fileConfKey, String principalConfKey, String localhost) throws IOException { User.login(getConf(), fileConfKey, principalConfKey, localhost); }
/** * test login with security enabled configuration To run this test, we must specify the following * system properties: * <p> * <b> hbase.regionserver.kerberos.principal </b> * <p> * <b> hbase.regionserver.keytab.file </b> * @throws IOException */ @Test public void testUserLoginInSecureHadoop() throws Exception { // Default login is system user. UserGroupInformation defaultLogin = UserGroupInformation.getCurrentUser(); String nnKeyTab = getKeytabFileForTesting(); String dnPrincipal = getPrincipalForTesting(); assertNotNull("KerberosKeytab was not specified", nnKeyTab); assertNotNull("KerberosPrincipal was not specified", dnPrincipal); Configuration conf = getSecuredConfiguration(); UserGroupInformation.setConfiguration(conf); User.login(conf, HBaseKerberosUtils.KRB_KEYTAB_FILE, HBaseKerberosUtils.KRB_PRINCIPAL, "localhost"); UserGroupInformation successLogin = UserGroupInformation.getLoginUser(); assertFalse("ugi should be different in in case success login", defaultLogin.equals(successLogin)); }
config.get(QueryServices.HBASE_CLIENT_KEYTAB)); UserGroupInformation.setConfiguration(config); User.login(config, QueryServices.HBASE_CLIENT_KEYTAB, QueryServices.HBASE_CLIENT_PRINCIPAL, null); logger.info("Successful login to secure cluster");
/** * Log in the current process using the given configuration keys for the credential file and login * principal. * <p> * <strong>This is only applicable when running on secure Hadoop</strong> -- see * org.apache.hadoop.security.SecurityUtil#login(Configuration,String,String,String). On regular * Hadoop (without security features), this will safely be ignored. * </p> * @param fileConfKey Property key used to configure path to the credential file * @param principalConfKey Property key used to configure login principal * @param localhost Current hostname to use in any credentials * @throws IOException underlying exception from SecurityUtil.login() call */ public void login(String fileConfKey, String principalConfKey, String localhost) throws IOException { User.login(getConf(), fileConfKey, principalConfKey, localhost); } }
/** * Log in the current process using the given configuration keys for the credential file and login * principal. * <p> * <strong>This is only applicable when running on secure Hadoop</strong> -- see * org.apache.hadoop.security.SecurityUtil#login(Configuration,String,String,String). On regular * Hadoop (without security features), this will safely be ignored. * </p> * @param fileConfKey Property key used to configure path to the credential file * @param principalConfKey Property key used to configure login principal * @param localhost Current hostname to use in any credentials * @throws IOException underlying exception from SecurityUtil.login() call */ public void login(String fileConfKey, String principalConfKey, String localhost) throws IOException { User.login(getConf(), fileConfKey, principalConfKey, localhost); } }
/** * Log in the current process using the given configuration keys for the credential file and login * principal. * <p> * <strong>This is only applicable when running on secure Hadoop</strong> -- see * org.apache.hadoop.security.SecurityUtil#login(Configuration,String,String,String). On regular * Hadoop (without security features), this will safely be ignored. * </p> * @param fileConfKey Property key used to configure path to the credential file * @param principalConfKey Property key used to configure login principal * @param localhost Current hostname to use in any credentials * @throws IOException underlying exception from SecurityUtil.login() call */ public void login(String fileConfKey, String principalConfKey, String localhost) throws IOException { User.login(getConf(), fileConfKey, principalConfKey, localhost); } }
User.login(this.conf, "hbase.regionserver.keytab.file", "hbase.regionserver.kerberos.principal", this.isa.getHostName()); regionServerAccounting = new RegionServerAccounting();
/** * Start up or shuts down the Thrift server, depending on the arguments. * @param args */ void doMain(final String[] args) throws Exception { processOptions(args); // login the server principal (if using secure Hadoop) if (User.isSecurityEnabled() && User.isHBaseSecurityEnabled(conf)) { String machineName = Strings.domainNamePointerToHostName( DNS.getDefaultHost(conf.get("hbase.thrift.dns.interface", "default"), conf.get("hbase.thrift.dns.nameserver", "default"))); User.login(conf, "hbase.thrift.keytab.file", "hbase.thrift.kerberos.principal", machineName); } serverRunner = new ThriftServerRunner(conf); // Put up info server. int port = conf.getInt("hbase.thrift.info.port", 9095); if (port >= 0) { conf.setLong("startcode", System.currentTimeMillis()); String a = conf.get("hbase.thrift.info.bindAddress", "0.0.0.0"); infoServer = new InfoServer("thrift", a, port, false, conf); infoServer.setAttribute("hbase.conf", conf); infoServer.start(); } serverRunner.run(); }
User.login(hbaseConf, "hbase.regionserver.keytab.file", "hbase.regionserver.kerberos.principal", hostName);
User.login(hbaseConf, "hbase.regionserver.keytab.file", "hbase.regionserver.kerberos.principal", hostName);
User.login(conf, "hbase.master.keytab.file", "hbase.master.kerberos.principal", this.isa.getHostName());
DNS.getDefaultHost(conf.get("hbase.rest.dns.interface", "default"), conf.get("hbase.rest.dns.nameserver", "default"))); User.login(conf, "hbase.rest.keytab.file", "hbase.rest.kerberos.principal", machineName);
config.get(QueryServices.HBASE_CLIENT_KEYTAB)); UserGroupInformation.setConfiguration(config); User.login(config, QueryServices.HBASE_CLIENT_KEYTAB, QueryServices.HBASE_CLIENT_PRINCIPAL, null); logger.info("Successful login to secure cluster");
config.get(QueryServices.HBASE_CLIENT_KEYTAB)); UserGroupInformation.setConfiguration(config); User.login(config, QueryServices.HBASE_CLIENT_KEYTAB, QueryServices.HBASE_CLIENT_PRINCIPAL, null); logger.info("Successful login to secure cluster");
UserGroupInformation defaultLogin = UserGroupInformation.getLoginUser(); Configuration conf = getConfigurationWoPrincipal(); User.login(conf, HBaseKerberosUtils.KRB_KEYTAB_FILE, HBaseKerberosUtils.KRB_PRINCIPAL, "localhost"); UserGroupInformation.setConfiguration(conf); User.login(conf, HBaseKerberosUtils.KRB_KEYTAB_FILE, HBaseKerberosUtils.KRB_PRINCIPAL, "localhost"); UserGroupInformation successLogin = UserGroupInformation.getLoginUser();