org.apache.hadoop.minikdc.MiniKdc Java Examples

Example #1
Source File: KDCFixture.java    From elasticsearch-hadoop with Apache License 2.0 6 votes vote down vote up
@Override
protected void before() throws Throwable {
    // Start a throwaway, test-only KDC (org name BUILD.ELASTIC, org domain CO) in a fresh temp folder.
    Properties kdcSettings = MiniKdc.createConf();
    kdcSettings.setProperty(MiniKdc.ORG_NAME, "BUILD.ELASTIC");
    kdcSettings.setProperty(MiniKdc.ORG_DOMAIN, "CO");
    kdc = new MiniKdc(kdcSettings, temporaryFolder.newFolder());
    kdc.start();

    /*
     * Other suites in this JVM initialise Hadoop's static state on the assumption that
     * Kerberos is absent. KerberosName caches the default realm in a static field at class
     * loading time, read from the JVM's krb5 conf file, while MiniKdc only registers its
     * test conf file in the JVM properties once it has started. The cached value therefore
     * has to be overwritten reflectively; otherwise Hadoop cannot map a Kerberos principal
     * name to a plain user name with the DEFAULT rule.
     *
     * This deliberately bypasses encapsulation of a private static field, so it is tied to
     * the field name "defaultRealm". The old value is stashed in previousDefaultRealm;
     * presumably it is restored on teardown (not visible here; confirm).
     */
    Field realmField = KerberosName.class.getDeclaredField("defaultRealm");
    realmField.setAccessible(true);
    previousDefaultRealm = (String) realmField.get(null);
    realmField.set(null, KerberosUtil.getDefaultRealm());
}
 
Example #2
Source File: TestShadeSaslAuthenticationProvider.java    From hbase with Apache License 2.0 6 votes vote down vote up
@BeforeClass
public static void setupCluster() throws Exception {
  // The keytab path doubles as the argument for the mini KDC set up by the testing utility.
  KEYTAB_FILE = new File(UTIL.getDataTestDir("keytab").toUri().getPath());
  final MiniKdc miniKdc = UTIL.setupMiniKdc(KEYTAB_FILE);

  // Register the test-only SASL providers through configuration rather than through
  // service loader entries, which might inadvertently get them loaded on a real cluster.
  final String clientProvider = ShadeSaslClientAuthenticationProvider.class.getName();
  final String serverProvider = ShadeSaslServerAuthenticationProvider.class.getName();
  final String providerSelector = ShadeProviderSelector.class.getName();
  CONF.setStrings(SaslClientAuthenticationProviders.EXTRA_PROVIDERS_KEY, clientProvider);
  CONF.setStrings(SaslServerAuthenticationProviders.EXTRA_PROVIDERS_KEY, serverProvider);
  CONF.set(SaslClientAuthenticationProviders.SELECTOR_KEY, providerSelector);

  // Single test account: "user1" with the fixture password constant.
  CLUSTER = createCluster(UTIL, KEYTAB_FILE, miniKdc,
      Collections.singletonMap("user1", USER1_PASSWORD));
  CLUSTER.startup();
}
 
Example #3
Source File: SaslDataTransferTestCase.java    From big-c with Apache License 2.0 6 votes vote down vote up
@BeforeClass
public static void initKdc() throws Exception {
  // Recreate a clean per-class work directory under the build's test dir.
  String buildRoot = System.getProperty("test.build.dir", "target/test-dir");
  baseDir = new File(buildRoot, SaslDataTransferTestCase.class.getSimpleName());
  FileUtil.fullyDelete(baseDir);
  assertTrue(baseDir.mkdirs());

  kdc = new MiniKdc(MiniKdc.createConf(), baseDir);
  kdc.start();

  // One keytab holds both the HDFS service principal (named after the login user) and the
  // SPNEGO principal. The keytab is a credential file; it lives inside baseDir.
  String userName = UserGroupInformation.getLoginUser().getShortUserName();
  String hdfsService = userName + "/localhost";
  String spnegoService = "HTTP/localhost";
  File keytabFile = new File(baseDir, userName + ".keytab");
  keytab = keytabFile.getAbsolutePath();
  kdc.createPrincipal(keytabFile, hdfsService, spnegoService);
  hdfsPrincipal = hdfsService + "@" + kdc.getRealm();
  spnegoPrincipal = spnegoService + "@" + kdc.getRealm();
}
 
Example #4
Source File: CustomSaslAuthenticationProviderTestBase.java    From hbase with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a single-node local HBase cluster secured by a mini KDC, using the in-memory test
 * SASL providers and the given RPC server implementation.
 *
 * @param rpcServerImpl value stored under {@code RpcServerFactory.CUSTOM_RPC_SERVER_IMPL_CONF_KEY}
 * @throws Exception if any part of the KDC or cluster setup fails
 */
protected static void startCluster(String rpcServerImpl) throws Exception {
  KEYTAB_FILE = new File(UTIL.getDataTestDir("keytab").toUri().getPath());
  final MiniKdc miniKdc = UTIL.setupMiniKdc(KEYTAB_FILE);

  // Register the test-only providers through configuration rather than through service
  // loader entries, which might inadvertently get them loaded on a real cluster.
  final String clientProvider = InMemoryClientProvider.class.getName();
  final String serverProvider = InMemoryServerProvider.class.getName();
  final String providerSelector = InMemoryProviderSelector.class.getName();
  CONF.setStrings(SaslClientAuthenticationProviders.EXTRA_PROVIDERS_KEY, clientProvider);
  CONF.setStrings(SaslServerAuthenticationProviders.EXTRA_PROVIDERS_KEY, serverProvider);
  CONF.set(SaslClientAuthenticationProviders.SELECTOR_KEY, providerSelector);

  createBaseCluster(UTIL, KEYTAB_FILE, miniKdc);

  // The RPC server implementation is set only after the base cluster exists.
  CONF.set(RpcServerFactory.CUSTOM_RPC_SERVER_IMPL_CONF_KEY, rpcServerImpl);
  CLUSTER = new LocalHBaseCluster(CONF, 1);
  CLUSTER.startup();
}
 
Example #5
Source File: CustomSaslAuthenticationProviderTestBase.java    From hbase with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the HBase service principal, then brings up the mini ZooKeeper and DFS clusters
 * with Kerberos and SSL settings applied to the utility's configuration.
 *
 * @param util testing utility whose configuration and mini clusters are used
 * @param keytabFile keytab that receives the service principal's keys
 * @param kdc running mini KDC that issues the principal
 * @throws Exception if principal creation or any cluster start-up step fails
 */
private static void createBaseCluster(HBaseTestingUtility util, File keytabFile, MiniKdc kdc)
  throws Exception {
  final String hbaseService = "hbase/localhost";
  final String httpService = "HTTP/localhost";
  // NOTE(review): only the hbase principal is added to the keytab in this method; the HTTP
  // principal is configured below but not created here. Confirm it is provisioned elsewhere.
  kdc.createPrincipal(keytabFile, hbaseService);
  util.startMiniZKCluster();

  HBaseKerberosUtils.setSecuredConfiguration(util.getConfiguration(),
    hbaseService + "@" + kdc.getRealm(), httpService + "@" + kdc.getRealm());
  HBaseKerberosUtils.setSSLConfiguration(util, SecureTestCluster.class);

  // TokenProvider is registered as a region coprocessor before DFS starts.
  util.getConfiguration().setStrings(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY,
    TokenProvider.class.getName());
  util.startMiniDFSCluster(1);
  CommonFSUtils.setRootDir(util.getConfiguration(),
    util.getDataTestDirOnTestFS("TestCustomSaslAuthenticationProvider"));
}
 
Example #6
Source File: JMSSaslGssapiTest.java    From activemq-artemis with Apache License 2.0 6 votes vote down vote up
@Before
public void setUpKerberos() throws Exception {
   File kdcWorkDir = temporaryFolder.newFolder("kdc");
   kdc = new MiniKdc(MiniKdc.createConf(), kdcWorkDir);
   kdc.start();

   // hard coded match, default_keytab_name in minikdc-krb5.conf template
   // The keytab is a credential file and is written to a fixed path under target/.
   File userKeyTab = new File("target/test.krb5.keytab");
   kdc.createPrincipal(userKeyTab, "client", "amqp/localhost");

   if (debug) {
      // Opt-in diagnostics: raise the SASL and proton loggers (and every handler attached to
      // them, including the console handler added here) to FINEST.
      for (String loggerName : new String[] {"javax.security.sasl", "org.apache.qpid.proton"}) {
         java.util.logging.Logger verboseLogger = java.util.logging.Logger.getLogger(loggerName);
         verboseLogger.setLevel(java.util.logging.Level.FINEST);
         verboseLogger.addHandler(new java.util.logging.ConsoleHandler());
         for (java.util.logging.Handler attached : verboseLogger.getHandlers()) {
            attached.setLevel(java.util.logging.Level.FINEST);
         }
      }
   }
}
 
Example #7
Source File: TestKMS.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@BeforeClass
public static void setUpMiniKdc() throws Exception {
  File workDir = getTestDir();
  kdc = new MiniKdc(MiniKdc.createConf(), workDir);
  kdc.start();

  // All test principals share one keytab file inside the KDC work directory.
  keytab = new File(workDir, "keytab");

  List<String> names = new ArrayList<String>();
  names.add("HTTP/localhost");
  names.add("client");
  names.add("hdfs");
  names.add("otheradmin");
  names.add("client/host");
  names.add("client1");
  // One principal per KMS ACL type, named after the enum constant's toString().
  for (KMSACLs.Type aclType : KMSACLs.Type.values()) {
    names.add(aclType.toString());
  }
  names.add("CREATE_MATERIAL");
  names.add("ROLLOVER_MATERIAL");

  String[] principalArray = names.toArray(new String[names.size()]);
  kdc.createPrincipal(keytab, principalArray);
}
 
Example #8
Source File: TestKMS.java    From big-c with Apache License 2.0 6 votes vote down vote up
@BeforeClass
public static void setUpMiniKdc() throws Exception {
  File workDir = getTestDir();
  kdc = new MiniKdc(MiniKdc.createConf(), workDir);
  kdc.start();

  // All test principals share one keytab file inside the KDC work directory.
  keytab = new File(workDir, "keytab");

  List<String> names = new ArrayList<String>();
  names.add("HTTP/localhost");
  names.add("client");
  names.add("hdfs");
  names.add("otheradmin");
  names.add("client/host");
  names.add("client1");
  // One principal per KMS ACL type, named after the enum constant's toString().
  for (KMSACLs.Type aclType : KMSACLs.Type.values()) {
    names.add(aclType.toString());
  }
  names.add("CREATE_MATERIAL");
  names.add("ROLLOVER_MATERIAL");

  String[] principalArray = names.toArray(new String[names.size()]);
  kdc.createPrincipal(keytab, principalArray);
}
 
Example #9
Source File: SaslDataTransferTestCase.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@BeforeClass
public static void initKdc() throws Exception {
  // Recreate a clean per-class work directory under the build's test dir.
  String buildRoot = System.getProperty("test.build.dir", "target/test-dir");
  baseDir = new File(buildRoot, SaslDataTransferTestCase.class.getSimpleName());
  FileUtil.fullyDelete(baseDir);
  assertTrue(baseDir.mkdirs());

  kdc = new MiniKdc(MiniKdc.createConf(), baseDir);
  kdc.start();

  // One keytab holds both the HDFS service principal (named after the login user) and the
  // SPNEGO principal. The keytab is a credential file; it lives inside baseDir.
  String userName = UserGroupInformation.getLoginUser().getShortUserName();
  String hdfsService = userName + "/localhost";
  String spnegoService = "HTTP/localhost";
  File keytabFile = new File(baseDir, userName + ".keytab");
  keytab = keytabFile.getAbsolutePath();
  kdc.createPrincipal(keytabFile, hdfsService, spnegoService);
  hdfsPrincipal = hdfsService + "@" + kdc.getRealm();
  spnegoPrincipal = spnegoService + "@" + kdc.getRealm();
}
 
Example #10
Source File: TestSecurityContext.java    From datacollector with Apache License 2.0 5 votes vote down vote up
@BeforeClass
public static void startKdc() throws Exception {
  // A random directory name under target/ keeps each run's KDC state and keytab separate.
  final String runId = UUID.randomUUID().toString();
  testDir = new File("target", runId).getAbsoluteFile();
  Assert.assertTrue(testDir.mkdirs());

  // NOTE(review): the "kdc" subdirectory is created, but the MiniKdc below is given testDir
  // as its work directory, so kdcDir is otherwise unused here. Confirm which was intended.
  File kdcDir = new File(testDir, "kdc");
  Assert.assertTrue(kdcDir.mkdirs());

  keytabFile = new File(testDir, "test.keytab");
  miniKdc = new MiniKdc(MiniKdc.createConf(), testDir);
  miniKdc.start();
  miniKdc.createPrincipal(keytabFile, "foo", "bar/localhost");
}
 
Example #11
Source File: TestRMWebServicesDelegationTokens.java    From big-c with Apache License 2.0 5 votes vote down vote up
@BeforeClass
public static void setupKDC() throws Exception {
  // The work directory is named after this test class so that it is easy to find under target/.
  final String rootName = TestRMWebServicesDelegationTokens.class.getName() + "-root";
  testRootDir = new File("target", rootName);

  testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
  testMiniKDC.start();

  // The SPNEGO service principal and three client principals all go into the same keytab.
  testMiniKDC.createPrincipal(httpSpnegoKeytabFile,
    "HTTP/localhost", "client", "client2", "client3");
}
 
Example #12
Source File: TestRMWebServicesHttpStaticUserPermissions.java    From big-c with Apache License 2.0 5 votes vote down vote up
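/**
 * Creates the MiniKdc, then runs the KDC and ResourceManager setup helpers.
 *
 * @throws AssertionError if any setup step throws; the original exception is attached as
 *     the cause
 */
@BeforeClass
public static void setUp() {
  try {
    testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
    setupKDC();
    setupAndStartRM();
  } catch (Exception e) {
    // Same failure type and message as fail(...), but with the cause chained so the report
    // shows which step broke (this catch also covers setupKDC() and setupAndStartRM()).
    throw new AssertionError("Couldn't create MiniKDC", e);
  }
}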
 
Example #13
Source File: AbstractSecureRegistryTest.java    From big-c with Apache License 2.0 5 votes vote down vote up
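/**
 * Sets up the KDC and a set of principals in the JAAS file.
 *
 * <p>Starts a debug-enabled MiniKdc in a {@code kdc} directory under the {@code test.dir}
 * system property (default {@code target}), creates keytabs for the ZooKeeper, Alice and Bob
 * principals, writes the JAAS entries to {@code jaas.txt} in that directory and binds the JVM
 * to that file.
 *
 * @throws Exception if the KDC cannot be started or a keytab or the JAAS file cannot be
 *     written
 */
public static void setupKDCAndPrincipals() throws Exception {
  // set up the KDC
  File target = new File(System.getProperty("test.dir", "target"));
  kdcWorkDir = new File(target, "kdc");
  // mkdirs() returns false both on failure and when the directory already exists, so a
  // single call followed by the isDirectory() check covers every case.
  if (!kdcWorkDir.mkdirs()) {
    assertTrue(kdcWorkDir.isDirectory());
  }
  kdcConf = MiniKdc.createConf();
  kdcConf.setProperty(MiniKdc.DEBUG, "true");
  kdc = new MiniKdc(kdcConf, kdcWorkDir);
  kdc.start();

  // Keytabs are credential files; createKeytab is defined elsewhere in this class.
  keytab_zk = createKeytab(ZOOKEEPER, "zookeeper.keytab");
  keytab_alice = createKeytab(ALICE, "alice.keytab");
  keytab_bob = createKeytab(BOB, "bob.keytab");
  zkServerPrincipal = Shell.WINDOWS ? ZOOKEEPER_1270001 : ZOOKEEPER_LOCALHOST;

  // One JAAS entry per context; the ZooKeeper client and server contexts share keytab_zk.
  StringBuilder jaas = new StringBuilder(1024);
  jaas.append(registrySecurity.createJAASEntry(ZOOKEEPER_CLIENT_CONTEXT,
      ZOOKEEPER, keytab_zk));
  jaas.append(registrySecurity.createJAASEntry(ZOOKEEPER_SERVER_CONTEXT,
      zkServerPrincipal, keytab_zk));
  jaas.append(registrySecurity.createJAASEntry(ALICE_CLIENT_CONTEXT,
      ALICE_LOCALHOST , keytab_alice));
  jaas.append(registrySecurity.createJAASEntry(BOB_CLIENT_CONTEXT,
      BOB_LOCALHOST, keytab_bob));

  jaasFile = new File(kdcWorkDir, "jaas.txt");
  // NOTE(review): no charset is passed, so the encoding is whatever this FileUtils.write
  // overload defaults to. Confirm that is acceptable for the JAAS file.
  FileUtils.write(jaasFile, jaas.toString());
  // The full JAAS text is logged at INFO; it is built from context names, principals and
  // keytab references only.
  LOG.info("\n"+ jaas);
  RegistrySecurity.bindJVMtoJAASFile(jaasFile);
}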
 
Example #14
Source File: TestUGILoginFromKeytab.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Before
public void startMiniKdc() throws Exception {
  // Kerberos authentication must be switched on first; otherwise UGI aborts any attempt
  // to loginUserFromKeytab.
  Configuration kerberosConf = new Configuration();
  kerberosConf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
  UserGroupInformation.setConfiguration(kerberosConf);

  // The KDC works out of the root of the test's folder rule.
  workDir = folder.getRoot();
  kdc = new MiniKdc(MiniKdc.createConf(), workDir);
  kdc.start();
}
 
Example #15
Source File: BaseSecurityTest.java    From incubator-atlas with Apache License 2.0 5 votes vote down vote up
/**
 * Starts a debug-enabled MiniKdc in a {@code kdc} directory beneath a newly created temp
 * directory and checks that it reports a realm.
 *
 * @return the KDC work directory
 * @throws Exception if the temp directory cannot be created or the KDC fails to start
 */
protected File startKDC() throws Exception {
    // Files.createTempDirectory gives a fresh parent per call; its cleanup is not handled in
    // this method.
    File kdcWorkDir = new File(Files.createTempDirectory("sectest").toFile(), "kdc");

    Properties debugConf = MiniKdc.createConf();
    debugConf.setProperty(MiniKdc.DEBUG, "true");
    kdc = new MiniKdc(debugConf, kdcWorkDir);
    kdc.start();

    Assert.assertNotNull(kdc.getRealm());
    return kdcWorkDir;
}
 
Example #16
Source File: KdcLocalCluster.java    From hadoop-mini-clusters with Apache License 2.0 5 votes vote down vote up
@Override
public void start() throws Exception {

    LOG.info("KDC: Starting MiniKdc");
    configure();
    miniKdc = new MiniKdc(conf, new File(baseDir));
    miniKdc.start();

    // Make "guest" the JVM-wide Hadoop login user, then read its short name back.
    UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser("guest"));
    String username = UserGroupInformation.getLoginUser().getShortUserName();

    // Append the login user to the configured principals and freeze the list.
    List<String> withLoginUser = new ArrayList<>(principals);
    withLoginUser.add(username);
    this.principals = Collections.unmodifiableList(withLoginUser);

    // One keytab per principal, each holding three name forms of that principal.
    for (String principal : principals) {
        try {
            File keytab = new File(baseDir, principal + ".keytab");
            LOG.info("KDC: Creating keytab for {} in {}", principal, keytab);
            miniKdc.createPrincipal(keytab, principal, getKrbPrincipal(principal),
                    getKrbPrincipalWithRealm(principal));
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }
    refreshDefaultRealm();
    prepareSecureConfiguration(username);
}
 
Example #17
Source File: SpliceTestKDCPlatform.java    From spliceengine with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Starts an LDAP server backed by the directory service of the given MiniKdc.
 *
 * @param miniKdc KDC whose private directory service is reused
 * @throws Exception if the reflective field access fails or the server cannot start
 */
public void startLdapServer(MiniKdc miniKdc) throws Exception {
    ldapServer = new LdapServer();

    // MiniKdc does not expose its DirectoryService, so it is read reflectively. This depends
    // on the private field being named "ds" and will break if that name changes.
    Field dsField = MiniKdc.class.getDeclaredField("ds");
    dsField.setAccessible(true);
    DirectoryService directory = (DirectoryService) dsField.get(miniKdc);
    ldapServer.setDirectoryService(directory);

    // Fixed port 4016: concurrent runs on the same host would collide.
    // NOTE(review): only a port is given; confirm which interface the transport binds so that
    // the test LDAP server is not reachable from outside the test host.
    ldapServer.setTransports(new TcpTransport(4016));

    // Logs the DN of the admin session's authenticated principal.
    LOG.info(directory.getAdminSession().getAuthenticatedPrincipal().getDn());
    ldapServer.start();
}
 
Example #18
Source File: CoreClientOverOneWaySSLKerb5Test.java    From activemq-artemis with Apache License 2.0 5 votes vote down vote up
/**
 * Runs the parent set-up, then starts a MiniKdc with the default configuration in a "kdc"
 * folder created by the test's temporary-folder rule.
 *
 * @throws Exception if the parent set-up, folder creation or KDC start-up fails
 */
@Override
@Before
public void setUp() throws Exception {
   super.setUp();
   // Test-only KDC; its work directory is newly created for each test by temporaryFolder.
   kdc = new MiniKdc(MiniKdc.createConf(), temporaryFolder.newFolder("kdc"));
   kdc.start();
}
 
Example #19
Source File: TestShadeSaslAuthenticationProvider.java    From hbase with Apache License 2.0 5 votes vote down vote up
/**
 * Builds (but does not start) a single-node local HBase cluster secured by the given KDC
 * and configured with a password file for the Shade SASL server provider.
 *
 * @param util testing utility whose mini ZooKeeper and DFS clusters are started
 * @param keytabFile keytab that receives the HBase service principal's keys
 * @param kdc running mini KDC
 * @param userDatabase user name to password entries handed to {@code createUserDBFile}
 * @return the constructed cluster; the caller starts it
 * @throws Exception if any setup step fails
 */
static LocalHBaseCluster createCluster(HBaseTestingUtility util, File keytabFile,
    MiniKdc kdc, Map<String,char[]> userDatabase) throws Exception {
  final String hbaseService = "hbase/localhost";
  final String httpService = "HTTP/localhost";
  // NOTE(review): only the hbase principal is added to the keytab in this method; the HTTP
  // principal is configured below but not created here. Confirm it is provisioned elsewhere.
  kdc.createPrincipal(keytabFile, hbaseService);
  util.startMiniZKCluster();

  HBaseKerberosUtils.setSecuredConfiguration(util.getConfiguration(),
      hbaseService + "@" + kdc.getRealm(), httpService + "@" + kdc.getRealm());
  HBaseKerberosUtils.setSSLConfiguration(util, TestShadeSaslAuthenticationProvider.class);

  util.getConfiguration().setStrings(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY,
      TokenProvider.class.getName());
  util.startMiniDFSCluster(1);
  Path testDir = util.getDataTestDirOnTestFS("TestShadeSaslAuthenticationProvider");

  // The user database goes to a file on the test filesystem, and the server provider is
  // pointed at it. Presumably the file holds the passwords from userDatabase (test data only).
  USER_DATABASE_FILE = new Path(testDir, "user-db.txt");
  createUserDBFile(
      USER_DATABASE_FILE.getFileSystem(CONF), USER_DATABASE_FILE, userDatabase);
  CONF.set(ShadeSaslServerAuthenticationProvider.PASSWORD_FILE_KEY,
      USER_DATABASE_FILE.toString());

  CommonFSUtils.setRootDir(CONF, new Path(testDir, "hbase-root"));
  return new LocalHBaseCluster(CONF, 1);
}
 
Example #20
Source File: SaslGssApiIntegrationTest.java    From qpid-jms with Apache License 2.0 5 votes vote down vote up
@BeforeClass
public static void setUpKerberos() throws Exception {
    servicePrincipal = prepareServiceName();
    LOG.info("Using service principal: " + servicePrincipal);

    // Fresh per-run directory under target/ for the KDC's working files.
    File root = Files.createTempDirectory(
            FileSystems.getDefault().getPath("target"), "junit.SaslGssApiIntegrationTest.").toFile();

    kdc = new MiniKdc(MiniKdc.createConf(), new File(root, "kdc"));
    kdc.start();

    // hard coded match, default_keytab_name in minikdc-krb5.conf template
    // All client principals and the service principal share this one keytab (a credential file).
    File userKeyTab = new File(KRB5_KEYTAB);
    kdc.createPrincipal(userKeyTab, CLIENT_PRINCIPAL_LOGIN_CONFIG, CLIENT_PRINCIPAL_FACTORY_USERNAME,
            CLIENT_PRINCIPAL_URI_USERNAME, CLIENT_PRINCIPAL_DEFAULT_CONFIG_SCOPE, servicePrincipal);

    if (DEBUG) {
        // Diagnostics list each entry's principal name and key type only, never key material.
        for (KeytabEntry keytabEntry : Keytab.read(userKeyTab).getEntries()) {
            LOG.info("KeyTab Entry: PrincipalName:" + keytabEntry.getPrincipalName() + " ; KeyInfo:"+ keytabEntry.getKey().getKeyType());
        }

        // Raise the SASL logger and every handler attached to it (including the console
        // handler added here) to FINEST.
        java.util.logging.Logger saslLogger = java.util.logging.Logger.getLogger("javax.security.sasl");
        saslLogger.setLevel(java.util.logging.Level.FINEST);
        saslLogger.addHandler(new java.util.logging.ConsoleHandler());
        for (java.util.logging.Handler attached : saslLogger.getHandlers()) {
            attached.setLevel(java.util.logging.Level.FINEST);
        }
    }
}
 
Example #21
Source File: KDCServer.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Prepares the configuration for a test KDC rooted at the given directory. Nothing is
 * started here.
 *
 * @param baseDir directory stored for later use by this server
 */
public KDCServer(final File baseDir) {
    this.baseDir = baseDir;

    // Start from MiniKdc's defaults, then override the instance name and the organisation
    // name and domain.
    this.kdcProperties = MiniKdc.createConf();
    kdcProperties.setProperty(MiniKdc.INSTANCE, "DefaultKrbServer");
    kdcProperties.setProperty(MiniKdc.ORG_NAME, "NIFI");
    kdcProperties.setProperty(MiniKdc.ORG_DOMAIN, "COM");
}
 
Example #22
Source File: TestKrbConnectionTimeout.java    From incubator-sentry with Apache License 2.0 5 votes vote down vote up
/**
 * Class-level set-up for the ticket-timeout test: skipped unless the
 * {@code sentry.hive.test.ticket.timeout} system property is "true" (case-insensitive),
 * then overrides the KDC's maximum ticket lifetime before running the common set-up.
 *
 * @throws Exception if the set-up fails
 */
@BeforeClass
public static void setup() throws Exception {
  // Opt-in test: the assumption fails (test is skipped) when the property is unset or not "true".
  Assume.assumeTrue("true".equalsIgnoreCase(System.getProperty(
      "sentry.hive.test.ticket.timeout", "false")));
  // NOTE(review): the unit of "300001" is not visible here; confirm against MiniKdc.
  kdcConfOverlay.setProperty(MiniKdc.MAX_TICKET_LIFETIME, "300001");
  // NOTE(review): this unqualified no-arg call sits inside a static no-arg method of the same
  // name, so as written it resolves to this method and recurses. Presumably a base-class
  // set-up was intended; confirm and qualify the call with that class.
  setup();
}
 
Example #23
Source File: TestRMWebappAuthentication.java    From big-c with Apache License 2.0 5 votes vote down vote up
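/**
 * Creates the MiniKdc and runs the KDC setup helper.
 *
 * @throws AssertionError if any setup step throws; the original exception is attached as
 *     the cause
 */
@BeforeClass
public static void setUp() {
  try {
    testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
    setupKDC();
  } catch (Exception e) {
    // Same failure type and message as assertTrue(msg, false), but with the cause chained so
    // the underlying error is not lost from the test report.
    throw new AssertionError("Couldn't create MiniKDC", e);
  }
}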
 
Example #24
Source File: TestRMWebServicesDelegationTokenAuthentication.java    From hadoop with Apache License 2.0 5 votes vote down vote up
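/**
 * Creates the MiniKdc, then runs the KDC and ResourceManager setup helpers.
 *
 * @throws AssertionError if any setup step throws; the original exception is attached as
 *     the cause
 */
@BeforeClass
public static void setUp() {
  try {
    testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
    setupKDC();
    setupAndStartRM();
  } catch (Exception e) {
    // Same failure type and message as assertTrue(msg, false), but with the cause chained so
    // the report shows which step broke (this catch also covers setupAndStartRM()).
    throw new AssertionError("Couldn't create MiniKDC", e);
  }
}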
 
Example #25
Source File: TestRMWebappAuthentication.java    From hadoop with Apache License 2.0 5 votes vote down vote up
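/**
 * Creates the MiniKdc and runs the KDC setup helper.
 *
 * @throws AssertionError if any setup step throws; the original exception is attached as
 *     the cause
 */
@BeforeClass
public static void setUp() {
  try {
    testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
    setupKDC();
  } catch (Exception e) {
    // Same failure type and message as assertTrue(msg, false), but with the cause chained so
    // the underlying error is not lost from the test report.
    throw new AssertionError("Couldn't create MiniKDC", e);
  }
}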
 
Example #26
Source File: BaseSecurityTest.java    From atlas with Apache License 2.0 5 votes vote down vote up
/**
 * Starts a debug-enabled MiniKdc in a {@code kdc} directory beneath a newly created temp
 * directory and checks that it reports a realm.
 *
 * @return the KDC work directory
 * @throws Exception if the temp directory cannot be created or the KDC fails to start
 */
protected File startKDC() throws Exception {
    // Files.createTempDirectory gives a fresh parent per call; its cleanup is not handled in
    // this method.
    File kdcWorkDir = new File(Files.createTempDirectory("sectest").toFile(), "kdc");

    Properties debugConf = MiniKdc.createConf();
    debugConf.setProperty(MiniKdc.DEBUG, "true");
    kdc = new MiniKdc(debugConf, kdcWorkDir);
    kdc.start();

    Assert.assertNotNull(kdc.getRealm());
    return kdcWorkDir;
}
 
Example #27
Source File: TestRMWebServicesDelegationTokens.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@BeforeClass
public static void setupKDC() throws Exception {
  // The work directory is named after this test class so that it is easy to find under target/.
  final String rootName = TestRMWebServicesDelegationTokens.class.getName() + "-root";
  testRootDir = new File("target", rootName);

  testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
  testMiniKDC.start();

  // The SPNEGO service principal and three client principals all go into the same keytab.
  testMiniKDC.createPrincipal(httpSpnegoKeytabFile,
    "HTTP/localhost", "client", "client2", "client3");
}
 
Example #28
Source File: TestRMWebServicesHttpStaticUserPermissions.java    From hadoop with Apache License 2.0 5 votes vote down vote up
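/**
 * Creates the MiniKdc, then runs the KDC and ResourceManager setup helpers.
 *
 * @throws AssertionError if any setup step throws; the original exception is attached as
 *     the cause
 */
@BeforeClass
public static void setUp() {
  try {
    testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
    setupKDC();
    setupAndStartRM();
  } catch (Exception e) {
    // Same failure type and message as fail(...), but with the cause chained so the report
    // shows which step broke (this catch also covers setupKDC() and setupAndStartRM()).
    throw new AssertionError("Couldn't create MiniKDC", e);
  }
}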
 
Example #29
Source File: AbstractSecureRegistryTest.java    From hadoop with Apache License 2.0 5 votes vote down vote up
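/**
 * Sets up the KDC and a set of principals in the JAAS file.
 *
 * <p>Starts a debug-enabled MiniKdc in a {@code kdc} directory under the {@code test.dir}
 * system property (default {@code target}), creates keytabs for the ZooKeeper, Alice and Bob
 * principals, writes the JAAS entries to {@code jaas.txt} in that directory and binds the JVM
 * to that file.
 *
 * @throws Exception if the KDC cannot be started or a keytab or the JAAS file cannot be
 *     written
 */
public static void setupKDCAndPrincipals() throws Exception {
  // set up the KDC
  File target = new File(System.getProperty("test.dir", "target"));
  kdcWorkDir = new File(target, "kdc");
  // mkdirs() returns false both on failure and when the directory already exists, so a
  // single call followed by the isDirectory() check covers every case.
  if (!kdcWorkDir.mkdirs()) {
    assertTrue(kdcWorkDir.isDirectory());
  }
  kdcConf = MiniKdc.createConf();
  kdcConf.setProperty(MiniKdc.DEBUG, "true");
  kdc = new MiniKdc(kdcConf, kdcWorkDir);
  kdc.start();

  // Keytabs are credential files; createKeytab is defined elsewhere in this class.
  keytab_zk = createKeytab(ZOOKEEPER, "zookeeper.keytab");
  keytab_alice = createKeytab(ALICE, "alice.keytab");
  keytab_bob = createKeytab(BOB, "bob.keytab");
  zkServerPrincipal = Shell.WINDOWS ? ZOOKEEPER_1270001 : ZOOKEEPER_LOCALHOST;

  // One JAAS entry per context; the ZooKeeper client and server contexts share keytab_zk.
  StringBuilder jaas = new StringBuilder(1024);
  jaas.append(registrySecurity.createJAASEntry(ZOOKEEPER_CLIENT_CONTEXT,
      ZOOKEEPER, keytab_zk));
  jaas.append(registrySecurity.createJAASEntry(ZOOKEEPER_SERVER_CONTEXT,
      zkServerPrincipal, keytab_zk));
  jaas.append(registrySecurity.createJAASEntry(ALICE_CLIENT_CONTEXT,
      ALICE_LOCALHOST , keytab_alice));
  jaas.append(registrySecurity.createJAASEntry(BOB_CLIENT_CONTEXT,
      BOB_LOCALHOST, keytab_bob));

  jaasFile = new File(kdcWorkDir, "jaas.txt");
  // NOTE(review): no charset is passed, so the encoding is whatever this FileUtils.write
  // overload defaults to. Confirm that is acceptable for the JAAS file.
  FileUtils.write(jaasFile, jaas.toString());
  // The full JAAS text is logged at INFO; it is built from context names, principals and
  // keytab references only.
  LOG.info("\n"+ jaas);
  RegistrySecurity.bindJVMtoJAASFile(jaasFile);
}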
 
Example #30
Source File: TestUGILoginFromKeytab.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Before
public void startMiniKdc() throws Exception {
  // Kerberos authentication must be switched on first; otherwise UGI aborts any attempt
  // to loginUserFromKeytab.
  Configuration kerberosConf = new Configuration();
  kerberosConf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
  UserGroupInformation.setConfiguration(kerberosConf);

  // The KDC works out of the root of the test's folder rule.
  workDir = folder.getRoot();
  kdc = new MiniKdc(MiniKdc.createConf(), workDir);
  kdc.start();
}