[jira] [Commented] (HADOOP-10342) Extend UserGroupInformation to return a UGI given a preauthenticated kerberos Subject

Sat, 15 Feb 2014 03:11:59 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-10342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13902387#comment-13902387
 ] 

Hudson commented on HADOOP-10342:
---------------------------------

FAILURE: Integrated in Hadoop-Yarn-trunk #482 (See 
[https://builds.apache.org/job/Hadoop-Yarn-trunk/482/])
HADOOP-10342. Add a new method to UGI to use a Kerberos login subject to
build a new UGI. (Larry McCay via omalley) (omalley: 
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1568525)
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGIWithSecurityOn.java
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java


> Extend UserGroupInformation to return a UGI given a preauthenticated kerberos 
> Subject
> -------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10342
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10342
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>         Attachments: 10342.patch
>
>
> We need the ability to use a Subject that was created inside an embedding 
> application through a kerberos authentication. For example, an application 
> that uses JAAS to authenticate to a KDC should be able to provide the 
> resulting Subject and get a UGI instance to call doAs on.
> Example: 
> {code}
>         UserGroupInformation.setConfiguration(conf);
>               LoginContext context = new 
> LoginContext("com.sun.security.jgss.login", new 
> UserNamePasswordCallbackHandler(userName, password));
>               context.login();
>               
>               Subject subject = context.getSubject();
>           final UserGroupInformation ugi2 = 
> UserGroupInformation.getUGIFromSubject(subject);
>         ugi2.doAs(new PrivilegedExceptionAction<Object>() {
>             @Override
>             public Object run() throws Exception {
>                 final FileSystem fs = FileSystem.get(conf);
>                 int i=0;
>                 for (FileStatus status : fs.listStatus(new Path("/user"))) {
>                     System.out.println(status.getPath());
>                     System.out.println(status);
>                     if (i++ > 10) {
>                         System.out.println("only first 10 showed...");
>                         break;
>                     }
>                 }
>                 return null;
>             }
>         });
> {code}



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to