org.apache.hadoop.security
Class MultiRealmUserAuthentication

java.lang.Object
  extended by org.apache.hadoop.security.MultiRealmUserAuthentication

public class MultiRealmUserAuthentication
extends Object

Utility class to support users and servers belonging two different realms


Field Summary
static String KERBEROS_USER_REALM
           
 
Constructor Summary
MultiRealmUserAuthentication()
           
 
Method Summary
static UserGroupInformation getServerUGIForUserRealm(Configuration conf)
          return the subject for server Principal in the user realm This will be the same name as the server principal of the default realm with the realm name replaced with the user realm name.
static boolean isAUserInADifferentRealm(UserGroupInformation ticket, Configuration conf)
          returns true if this is a user in a different realm than the default realm of the Hadoop servers.
static String replaceRealmWithUserRealm(String principalName, Configuration conf)
          replaces the realm part of the principal name with the user realm This method will be invoked by client side
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

KERBEROS_USER_REALM

public static String KERBEROS_USER_REALM
Constructor Detail

MultiRealmUserAuthentication

public MultiRealmUserAuthentication()
Method Detail

getServerUGIForUserRealm

public static UserGroupInformation getServerUGIForUserRealm(Configuration conf)
return the subject for server Principal in the user realm This will be the same name as the server principal of the default realm with the realm name replaced with the user realm name. Once created, the the UGI is cached.

Parameters:
conf -
Returns:
UserGroupInformation

isAUserInADifferentRealm

public static boolean isAUserInADifferentRealm(UserGroupInformation ticket,
                                               Configuration conf)
returns true if this is a user in a different realm than the default realm of the Hadoop servers. returns true if all the following conditions are satisfied a) if there is a different user realm b) if the user is not a server c) if the user is part of the user realm

Parameters:
ticket -
conf -
Returns:
boolean

replaceRealmWithUserRealm

public static String replaceRealmWithUserRealm(String principalName,
                                               Configuration conf)
replaces the realm part of the principal name with the user realm This method will be invoked by client side

Parameters:
principalName -
conf -
Returns:
string value containing server principal in user realm


Copyright © 2009 The Apache Software Foundation