Details
- Improvement
- Status: Open
- Blocker
- Resolution: Unresolved
- 2.5.0, 2.6.0, 2.7.0, 2.5.1, 2.6.1, 2.8.0, 2.7.1, 2.7.2
- None
- None
Description
When attempting to use the Hadoop alternate authentication classes, they do not exactly work with what was built with YARN-1935.
I went ahead and made the following changes to support using a custom AltKerberos DelegationToken class.
Changes to: TimelineAuthenticationFilterInitializer.class
```java
// Fragment of the filter initializer; filterConfig, conf and LOG come from the enclosing class.
String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE);
LOG.info("AuthType Configured: " + authType);
if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
  filterConfig.put(AuthenticationFilter.AUTH_TYPE,
      PseudoDelegationTokenAuthenticationHandler.class.getName());
  LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler");
} else if (authType.equals(KerberosAuthenticationHandler.TYPE)
    || (UserGroupInformation.isSecurityEnabled()
        && conf.get("hadoop.security.authentication")
            .equals(KerberosAuthenticationHandler.TYPE))) {
  if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) {
    // A custom handler class is configured: keep it as the auth type.
    filterConfig.put(AuthenticationFilter.AUTH_TYPE, authType);
    LOG.info("AuthType: " + authType);
  } else {
    // Plain "kerberos": use the delegation-token-aware Kerberos handler.
    filterConfig.put(AuthenticationFilter.AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
    LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler");
  }
  // Resolve _HOST into bind address
  String bindAddress = conf.get(HttpServer2.BIND_ADDRESS);
  String principal = filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL);
  if (principal != null) {
    try {
      principal = SecurityUtil.getServerPrincipal(principal, bindAddress);
    } catch (IOException ex) {
      throw new RuntimeException(
          "Could not resolve Kerberos principal name: " + ex.toString(), ex);
    }
    filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, principal);
  }
}
```
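The branch structure of the snippet above, modeled on plain strings with no Hadoop dependency, as an added example that is not the reporter's or Hadoop's code. It runs four configurations through the same decisions to show which handler ends up configured and whether the `_HOST` principal is resolved. The custom handler class name, host name and principal are hypothetical, and the `_HOST` substitution is a simplified stand-in for `SecurityUtil.getServerPrincipal`.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class AuthTypeSelectionDemo {
    // Values of PseudoAuthenticationHandler.TYPE and KerberosAuthenticationHandler.TYPE.
    static final String SIMPLE = "simple";
    static final String KERBEROS = "kerberos";
    static final String TYPE_KEY = "type";                    // stand-in for AuthenticationFilter.AUTH_TYPE
    static final String PRINCIPAL_KEY = "kerberos.principal"; // stand-in for KerberosAuthenticationHandler.PRINCIPAL

    /** Applies the snippet's branches to a fresh filter config and returns the result. */
    static Map<String, String> select(String authType, boolean securityEnabled,
                                      String clusterAuth, String host) {
        Map<String, String> cfg = new LinkedHashMap<>();
        cfg.put(TYPE_KEY, authType);
        cfg.put(PRINCIPAL_KEY, "HTTP/_HOST@EXAMPLE.COM"); // constructed principal
        // Constant-first equals() is null-safe; the snippet calls authType.equals(...) instead.
        if (SIMPLE.equals(authType)) {
            cfg.put(TYPE_KEY, "PseudoDelegationTokenAuthenticationHandler");
        } else if (KERBEROS.equals(authType)
                || (securityEnabled && KERBEROS.equals(clusterAuth))) {
            if (KERBEROS.equals(authType)) {
                cfg.put(TYPE_KEY, "KerberosDelegationTokenAuthenticationHandler");
            } // otherwise the custom handler class name stays as configured
            // Simplified stand-in for SecurityUtil.getServerPrincipal(): replaces _HOST only.
            cfg.put(PRINCIPAL_KEY, cfg.get(PRINCIPAL_KEY).replace("_HOST", host));
        }
        return cfg;
    }

    public static void main(String[] args) {
        String custom = "com.example.CustomAltKerberosDelegationTokenHandler"; // hypothetical class
        // Columns: configured auth type, security enabled, hadoop.security.authentication.
        String[][] cases = {
            {SIMPLE, "false", SIMPLE},
            {KERBEROS, "true", KERBEROS},
            {custom, "true", KERBEROS},
            {custom, "false", SIMPLE},
        };
        for (String[] c : cases) {
            Map<String, String> out =
                select(c[0], Boolean.parseBoolean(c[1]), c[2], "timeline.example.com");
            System.out.printf("type=%s secure=%s -> %s%n", c[0], c[1], out);
        }
    }
}
```

In the third case the custom class name passes through unchanged and only the principal is rewritten; in the fourth neither branch matches, so the configuration is left exactly as supplied.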
Issue Links
- is related to
  - YARN-1935 Security for timeline server (Resolved)
  - HADOOP-9054 Add AuthenticationHandler that uses Kerberos but allows for an alternate form of authentication for browsers (Closed)
  - HADOOP-12082 Support multiple authentication schemes via AuthenticationFilter (Resolved)