Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10342

Extend UserGroupInformation to return a UGI given a preauthenticated kerberos Subject

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5.0
    • Component/s: security
    • Labels:
      None
    • Target Version/s:
    • Release Note:
      Add getUGIFromSubject to leverage an external kerberos authentication

      Description

      We need the ability to use a Subject that was created inside an embedding application through a kerberos authentication. For example, an application that uses JAAS to authenticate to a KDC should be able to provide the resulting Subject and get a UGI instance to call doAs on.

      Example:

              UserGroupInformation.setConfiguration(conf);
      
      		LoginContext context = new LoginContext("com.sun.security.jgss.login", new UserNamePasswordCallbackHandler(userName, password));
      		context.login();
      		
      		Subject subject = context.getSubject();
      
      	    final UserGroupInformation ugi2 = UserGroupInformation.getUGIFromSubject(subject);
      
              ugi2.doAs(new PrivilegedExceptionAction<Object>() {
                  @Override
                  public Object run() throws Exception {
                      final FileSystem fs = FileSystem.get(conf);
                      int i=0;
      
                      for (FileStatus status : fs.listStatus(new Path("/user"))) {
                          System.out.println(status.getPath());
                          System.out.println(status);
                          if (i++ > 10) {
                              System.out.println("only first 10 showed...");
                              break;
                          }
                      }
                      return null;
                  }
              });
      

        Attachments

        1. 10342.patch
          7 kB
          Larry McCay
        2. 10342.branch-2.patch
          4 kB
          Larry McCay
        3. 10342.branch-2.3.patch
          4 kB
          Larry McCay
        4. 10342.branch-1.patch
          4 kB
          Larry McCay
        5. 10342.branch-1.2.patch
          4 kB
          Larry McCay

          Activity

            People

            • Assignee:
              lmccay Larry McCay
              Reporter:
              lmccay Larry McCay
            • Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: