HADOOP-11332. KerberosAuthenticator#doSpnegoSequence should check if kerberos TGT is available in the subject. Contributed by Dian Fu. (cherry picked from commit 9d1a8f5897d585bec96de32116fbd2118f8e0f95)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/534a021e Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/534a021e Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/534a021e Branch: refs/heads/branch-2 Commit: 534a021e70ac2764617eeaf9dd8f93c7683a0b68 Parents: 58c9711 Author: Aaron T. Myers <a...@apache.org> Authored: Wed Dec 3 18:53:45 2014 -0800 Committer: Aaron T. Myers <a...@apache.org> Committed: Wed Dec 3 18:54:26 2014 -0800 ---------------------------------------------------------------------- .../security/authentication/client/KerberosAuthenticator.java | 6 +++++- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/534a021e/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java index e4ebf1b..928866c 100644 --- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java +++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java @@ -23,6 +23,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import javax.security.auth.Subject; +import javax.security.auth.kerberos.KerberosKey; +import javax.security.auth.kerberos.KerberosTicket; import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.Configuration; import javax.security.auth.login.LoginContext; @@ -247,7 +249,9 @@ public class KerberosAuthenticator implements Authenticator { try { AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); - if (subject == null) { + if (subject == null + || (subject.getPrivateCredentials(KerberosKey.class).isEmpty() + && subject.getPrivateCredentials(KerberosTicket.class).isEmpty())) { LOG.debug("No subject in context, logging in"); subject = new Subject(); LoginContext login = new LoginContext("", subject, http://git-wip-us.apache.org/repos/asf/hadoop/blob/534a021e/hadoop-common-project/hadoop-common/CHANGES.txt ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 62f7ea9..655216e 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -133,6 +133,9 @@ Release 2.7.0 - UNRELEASED HADOOP-11342. KMS key ACL should ignore ALL operation for default key ACL and whitelist key ACL. (Dian Fu via wang) + HADOOP-11332. KerberosAuthenticator#doSpnegoSequence should check if + kerberos TGT is available in the subject. (Dian Fu via atm) + Release 2.6.0 - 2014-11-18 INCOMPATIBLE CHANGES