zoukankan      html  css  js  c++  java
  • hadoop KerberosUtil 做Kerberos认证

    网上找了一下,自己写了个KerberosUtil工具类,测试过可以用。

    注意这个不是 org.apache.hadoop.security.authentication.util.KerberosUtil类。

    public class KerberosUtil {
        
        /**
         * 通过Kerberos认证用户的,注意keytabPath为本地路径不是HDFS路径
         * @param conf
         * @param user  user为运行jar的hadoop用户
         * @param keytabPath
         * @throws IOException
         */
        public static void AuthenByKerberos(Configuration conf,String user,String keytabPath) throws IOException{
            UserGroupInformation.setConfiguration(conf);
             if(! UserGroupInformation.isSecurityEnabled()) 
                  return;
            UserGroupInformation.getCurrentUser().setAuthenticationMethod(AuthenticationMethod.KERBEROS);
            UserGroupInformation.loginUserFromKeytab(user,keytabPath);
        }
        
        /**
         * 通过Kerberos认证用户的,注意keytabPath为本地路径不是HDFS路径
         * @param conf
         * @param keytabPath
         * @throws IOException
         */
        public static void AuthenByKerberos(Configuration conf,String keytabPath) throws IOException{
            String user=UserGroupInformation.getLoginUser().getUserName();
            AuthenByKerberos(conf,user,keytabPath);
        }
    }

    其实网上用的SecurityUtil.login()登录验证,源码中也是调用 UserGroupInformation.loginUserFromKeytab(),只不过多做了一些处理。

    下面是login()方法的源码。

      /**
       * Login as a principal specified in config. Substitute $host in user's Kerberos principal 
       * name with hostname. If non-secure mode - return. If no keytab available -
       * bail out with an exception
       * 
       * @param conf
       *          conf to use
       * @param keytabFileKey
       *          the key to look for keytab file in conf
       * @param userNameKey
       *          the key to look for user's Kerberos principal name in conf
       * @param hostname
       *          hostname to use for substitution
       * @throws IOException if the config doesn't specify a keytab
       */
      @InterfaceAudience.Public
      @InterfaceStability.Evolving
      public static void login(final Configuration conf,
          final String keytabFileKey, final String userNameKey, String hostname)
          throws IOException {
        
        if(! UserGroupInformation.isSecurityEnabled()) 
          return;
        
        String keytabFilename = conf.get(keytabFileKey);
        if (keytabFilename == null || keytabFilename.length() == 0) {
          throw new IOException("Running in secure mode, but config doesn't have a keytab");
        }
    
        String principalConfig = conf.get(userNameKey, System
            .getProperty("user.name"));
        String principalName = SecurityUtil.getServerPrincipal(principalConfig,
            hostname);
        UserGroupInformation.loginUserFromKeytab(principalName, keytabFilename);
      }

    另:在linux 的shell窗口做认证命令kinit -kt /home/..../cluster_keytab/fileName.keytab   userName   (写自己的认证文件和用户名)

  • 相关阅读:
    解决Windows2003不能自动分配移动存储设备及硬盘盘符
    Asp.net2.0工具包AjaxControlToolkit下载和安装
    VC++开发MapX
    MapXtreme 中改变feature颜色
    IIS 发布网站流程
    net 2.0下的asp.net ajax基本使用方法
    vs2005下,"回发或回调参数无效"的解决方法
    MapXtreme 2005 地图标注全攻略
    Mapxtreme符号化
    MapXtreme 使用技巧10例
  • 原文地址:https://www.cnblogs.com/yanghaolie/p/9082517.html
Copyright © 2011-2022 走看看