Larry McCay created HADOOP-10342: ------------------------------------ Summary: Extend UserGroupInformation to return a UGI given a preauthenticated kerberos Subject Key: HADOOP-10342 URL: https://issues.apache.org/jira/browse/HADOOP-10342 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Larry McCay Assignee: Larry McCay
We need the ability to use a Subject that was created inside an embedding application through a kerberos authentication. For example, an application that uses JAAS to authenticate to a KDC should be able to provide the resulting Subject and get a UGI instance to call doAs on. Example: {code} UserGroupInformation.setConfiguration(conf); LoginContext context = new LoginContext("com.sun.security.jgss.login", new UserNamePasswordCallbackHandler(userName, password)); context.login(); Subject subject = context.getSubject(); final UserGroupInformation ugi2 = UserGroupInformation.getUGIFromSubject(subject); ugi2.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { final FileSystem fs = FileSystem.get(conf); int i=0; for (FileStatus status : fs.listStatus(new Path("/user"))) { System.out.println(status.getPath()); System.out.println(status); if (i++ > 10) { System.out.println("only first 10 showed..."); break; } } return null; } }); {code} -- This message was sent by Atlassian JIRA (v6.1.5#6160)