org.apache.hadoop.security
Class MultiRealmUserAuthentication
java.lang.Object
org.apache.hadoop.security.MultiRealmUserAuthentication
public class MultiRealmUserAuthentication
- extends Object
Utility class to support users and servers belonging two different realms
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
KERBEROS_USER_REALM
public static String KERBEROS_USER_REALM
MultiRealmUserAuthentication
public MultiRealmUserAuthentication()
getServerUGIForUserRealm
public static UserGroupInformation getServerUGIForUserRealm(Configuration conf)
- return the subject for server Principal in the user realm
This will be the same name as the server principal of the default realm with the
realm name replaced with the user realm name.
Once created, the the UGI is cached.
- Parameters:
conf
-
- Returns:
- UserGroupInformation
isAUserInADifferentRealm
public static boolean isAUserInADifferentRealm(UserGroupInformation ticket,
Configuration conf)
- returns true if this is a user in a different realm than the default
realm of the Hadoop servers.
returns true if all the following conditions are satisfied
a) if there is a different user realm
b) if the user is not a server
c) if the user is part of the user realm
- Parameters:
ticket
- conf
-
- Returns:
- boolean
replaceRealmWithUserRealm
public static String replaceRealmWithUserRealm(String principalName,
Configuration conf)
- replaces the realm part of the principal name with the user realm
This method will be invoked by client side
- Parameters:
principalName
- conf
-
- Returns:
- string value containing server principal in user realm
Copyright © 2009 The Apache Software Foundation