Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10342

Extend UserGroupInformation to return a UGI given a preauthenticated kerberos Subject

VotersStop watchingWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 2.5.0
    • security
    • None
    • Add getUGIFromSubject to leverage an external kerberos authentication

    Description

      We need the ability to use a Subject that was created inside an embedding application through a kerberos authentication. For example, an application that uses JAAS to authenticate to a KDC should be able to provide the resulting Subject and get a UGI instance to call doAs on.

      Example:

              UserGroupInformation.setConfiguration(conf);
      
      		LoginContext context = new LoginContext("com.sun.security.jgss.login", new UserNamePasswordCallbackHandler(userName, password));
      		context.login();
      		
      		Subject subject = context.getSubject();
      
      	    final UserGroupInformation ugi2 = UserGroupInformation.getUGIFromSubject(subject);
      
              ugi2.doAs(new PrivilegedExceptionAction<Object>() {
                  @Override
                  public Object run() throws Exception {
                      final FileSystem fs = FileSystem.get(conf);
                      int i=0;
      
                      for (FileStatus status : fs.listStatus(new Path("/user"))) {
                          System.out.println(status.getPath());
                          System.out.println(status);
                          if (i++ > 10) {
                              System.out.println("only first 10 showed...");
                              break;
                          }
                      }
                      return null;
                  }
              });
      

      Attachments

        1. 10342.patch
          7 kB
          Larry McCay
        2. 10342.branch-2.patch
          4 kB
          Larry McCay
        3. 10342.branch-2.3.patch
          4 kB
          Larry McCay
        4. 10342.branch-1.patch
          4 kB
          Larry McCay
        5. 10342.branch-1.2.patch
          4 kB
          Larry McCay

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            lmccay Larry McCay
            lmccay Larry McCay
            Votes:
            0 Vote for this issue
            Watchers:
            10 Stop watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment