ManualTestKeytabLogins.java

ddas Wed, 06 Jun 2012 13:28:52 -0700

Author: ddas
Date: Wed Jun  6 20:28:28 2012
New Revision: 1347101

URL: http://svn.apache.org/viewvc?rev=1347101&view=rev
Log:
HADOOP-6947.  Kerberos relogin should set refreshKrb5Config to true. 
Contributed by Todd Lipcon


Added:
    
hadoop/common/branches/branch-1.1/src/test/org/apache/hadoop/security/ManualTestKeytabLogins.java
Modified:
    hadoop/common/branches/branch-1.1/CHANGES.txt
    
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/UserGroupInformation.java

Modified: hadoop/common/branches/branch-1.1/CHANGES.txt
URL: 
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/CHANGES.txt?rev=1347101&r1=1347100&r2=1347101&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1.1/CHANGES.txt Wed Jun  6 20:28:28 2012
@@ -246,6 +246,9 @@ Release 1.1.0 - unreleased
 
     HADOOP-5464. DFSClient did not treat write timeout of 0 properly.
     (Raghu Angadi and Brandon Li via szetszwo)
+
+    HADOOP-6947.  Kerberos relogin should set refreshKrb5Config to true.
+    (Todd Lipcon via ddas)
     
 Release 1.0.3 - 2012.05.07
 

Modified: 
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/UserGroupInformation.java
URL: 
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/UserGroupInformation.java?rev=1347101&r1=1347100&r2=1347101&view=diff
==============================================================================
--- 
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/UserGroupInformation.java
 (original)
+++ 
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/UserGroupInformation.java
 Wed Jun  6 20:28:28 2012
@@ -376,6 +376,7 @@ public class UserGroupInformation {
       KEYTAB_KERBEROS_OPTIONS.put("doNotPrompt", "true");
       KEYTAB_KERBEROS_OPTIONS.put("useKeyTab", "true");
       KEYTAB_KERBEROS_OPTIONS.put("storeKey", "true");
+      KEYTAB_KERBEROS_OPTIONS.put("refreshKrb5Config", "true");
     }
     private static final AppConfigurationEntry KEYTAB_KERBEROS_LOGIN =
       new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(),

Added: 
hadoop/common/branches/branch-1.1/src/test/org/apache/hadoop/security/ManualTestKeytabLogins.java
URL: 
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/test/org/apache/hadoop/security/ManualTestKeytabLogins.java?rev=1347101&view=auto
==============================================================================
--- 
hadoop/common/branches/branch-1.1/src/test/org/apache/hadoop/security/ManualTestKeytabLogins.java
 (added)
+++ 
hadoop/common/branches/branch-1.1/src/test/org/apache/hadoop/security/ManualTestKeytabLogins.java
 Wed Jun  6 20:28:28 2012
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.security;
+
+import org.apache.hadoop.security.UserGroupInformation;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * Regression test for HADOOP-6947 which can be run manually in
+ * a kerberos environment.
+ *
+ * To run this test, set up two keytabs, each with a different principal.
+ * Then run something like:
+ *  <code>
+ *  HADOOP_CLASSPATH=build/test/classes bin/hadoop \
+ *     org.apache.hadoop.security.ManualTestKeytabLogins \
+ *     usera/test@REALM  /path/to/usera-keytab \
+ *     userb/test@REALM  /path/to/userb-keytab
+ *  </code>
+ */
+public class ManualTestKeytabLogins {
+
+  public static void main(String []args) throws Exception {
+    if (args.length != 4) {
+      System.err.println(
+        "usage: ManualTestKeytabLogins <principal 1> <keytab 1> <principal 2> 
<keytab 2>");
+      System.exit(1);
+    }
+
+    UserGroupInformation ugi1 =
+      UserGroupInformation.loginUserFromKeytabAndReturnUGI(
+        args[0], args[1]);
+    System.out.println("UGI 1 = " + ugi1);
+    assertTrue(ugi1.getUserName().equals(args[0]));
+    
+    UserGroupInformation ugi2 =
+      UserGroupInformation.loginUserFromKeytabAndReturnUGI(
+        args[2], args[3]);
+    System.out.println("UGI 2 = " + ugi2);
+    assertTrue(ugi2.getUserName().equals(args[2]));
+  }
+}

svn commit: r1347101 - in /hadoop/common/branches/branch-1.1: CHANGES.txt src/core/org/apache/hadoop/security/UserGroupInformation.java src/test/org/apache/hadoop/security/ManualTestKeytabLogins.java

Reply via email to