(ozone) branch master updated: HDDS-10328. Support cross realm Kerberos out of box. (#6192)

[weichiu]

This is an automated email from the ASF dual-hosted git repository.

weichiu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git


The following commit(s) were added to refs/heads/master by this push:
     new 5715aee571 HDDS-10328. Support cross realm Kerberos out of box. (#6192)
5715aee571 is described below

commit 5715aee57168698a78075aa12f01c0d57b5b1f7d
Author: Wei-Chiu Chuang <weic...@apache.org>
AuthorDate: Thu Feb 8 12:26:34 2024 -0800

    HDDS-10328. Support cross realm Kerberos out of box. (#6192)
---
 hadoop-hdds/common/src/main/resources/ozone-default.xml           | 8 ++++++++
 .../src/main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java    | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/hadoop-hdds/common/src/main/resources/ozone-default.xml 
b/hadoop-hdds/common/src/main/resources/ozone-default.xml
index 094fbff16d..bfb0547caf 100644
--- a/hadoop-hdds/common/src/main/resources/ozone-default.xml
+++ b/hadoop-hdds/common/src/main/resources/ozone-default.xml
@@ -2226,6 +2226,14 @@
     <tag>OZONE, SECURITY, KERBEROS</tag>
     <description>The OzoneManager service principal. Ex 
om/_h...@realm.com</description>
   </property>
+  <property>
+    <name>ozone.om.kerberos.principal.pattern</name>
+    <value>*</value>
+    <description>
+      A client-side RegEx that can be configured to control
+      allowed realms to authenticate with (useful in cross-realm env.)
+    </description>
+  </property>
   <property>
     <name>ozone.om.http.auth.kerberos.principal</name>
     <value>HTTP/_HOST@REALM</value>
diff --git 
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java
 
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java
index 5dd7579eb9..faa5096baf 100644
--- 
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java
+++ 
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java
@@ -289,6 +289,8 @@ public final class OMConfigKeys {
       + "kerberos.keytab.file";
   public static final String OZONE_OM_KERBEROS_PRINCIPAL_KEY = "ozone.om"
       + ".kerberos.principal";
+  public static final String OZONE_OM_KERBEROS_PRINCIPAL_PATTERN_KEY =
+      "ozone.om.kerberos.principal.pattern";
   public static final String OZONE_OM_HTTP_KERBEROS_KEYTAB_FILE =
       "ozone.om.http.auth.kerberos.keytab";
   public static final String OZONE_OM_HTTP_KERBEROS_PRINCIPAL_KEY


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@ozone.apache.org
For additional commands, e-mail: commits-h...@ozone.apache.org