[jira] [Created] (YARN-4006) YARN ATS Alternate Kerberos HTTP Authentication Changes

Fri, 31 Jul 2015 10:22:20 -0700 

Greg Senia created YARN-4006:
--------------------------------

             Summary: YARN ATS Alternate Kerberos HTTP Authentication Changes
                 Key: YARN-4006
                 URL: https://issues.apache.org/jira/browse/YARN-4006
             Project: Hadoop YARN
          Issue Type: Improvement
          Components: security, timelineserver
    Affects Versions: 2.7.0, 2.6.0, 2.5.0, 2.8.0
            Reporter: Greg Senia


When attempting to use The Hadoop Alternate Authentication Classes. They do not 
exactly work with what was built with 
https://issues.apache.org/jira/browse/YARN-1935.

I went ahead and made the following changes to support using a Custom 
AltKerberos DelegationToken custom class.

Changes to: TimelineAuthenticationFilterInitializer.class
   String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE);


    LOG.info("AuthType Configured: "+authType);
    if (authType.equals(PseudoAuthenticationHandler.TYPE)) {

      filterConfig.put(AuthenticationFilter.AUTH_TYPE,
          PseudoDelegationTokenAuthenticationHandler.class.getName());
        LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler");

    } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || 
(UserGroupInformation.isSecurityEnabled() && 
conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE)))
 {

      if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) {
        filterConfig.put(AuthenticationFilter.AUTH_TYPE,
          authType);
        LOG.info("AuthType: "+authType);
      } else {
        filterConfig.put(AuthenticationFilter.AUTH_TYPE,
          KerberosDelegationTokenAuthenticationHandler.class.getName());
        LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler");
      } 


      // Resolve _HOST into bind address
      String bindAddress = conf.get(HttpServer2.BIND_ADDRESS);
      String principal =
          filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL);
      if (principal != null) {
        try {
          principal = SecurityUtil.getServerPrincipal(principal, bindAddress);
        } catch (IOException ex) {
          throw new RuntimeException(
              "Could not resolve Kerberos principal name: " + ex.toString(), 
ex);
        }
        filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL,
            principal);
      }
    }
 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to