You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by mo...@apache.org on 2020/04/30 09:54:28 UTC
[knox] branch master updated: KNOX-2348 - Fix knoxcli when kerberos
auth is used (#331)
This is an automated email from the ASF dual-hosted git repository.
more pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new f4019ae KNOX-2348 - Fix knoxcli when kerberos auth is used (#331)
f4019ae is described below
commit f4019ae33eca291ac19b87822e12b150eaea3b24
Author: Sandeep Moré <mo...@gmail.com>
AuthorDate: Thu Apr 30 05:54:21 2020 -0400
KNOX-2348 - Fix knoxcli when kerberos auth is used (#331)
---
.../src/main/java/org/apache/knox/gateway/util/KnoxCLI.java | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/util/KnoxCLI.java b/gateway-server/src/main/java/org/apache/knox/gateway/util/KnoxCLI.java
index 9e5ab5d..dbf9e76 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/util/KnoxCLI.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/util/KnoxCLI.java
@@ -160,6 +160,7 @@ public class KnoxCLI extends Configured implements Tool {
if (exitCode != 0) {
return exitCode;
}
+
if (command != null && command.validate()) {
initializeServices( command instanceof MasterCreateCommand );
command.execute();
@@ -186,6 +187,9 @@ public class KnoxCLI extends Configured implements Tool {
private void initializeServices(boolean persisting) throws ServiceLifecycleException {
GatewayConfig config = getGatewayConfig();
+ if (config.isHadoopKerberosSecured()) {
+ configureKerberosSecurity(config);
+ }
Map<String,String> options = new HashMap<>();
options.put(GatewayCommandLine.PERSIST_LONG, Boolean.toString(persisting));
if (master != null) {
@@ -2273,4 +2277,12 @@ public class KnoxCLI extends Configured implements Tool {
int res = ToolRunner.run(new GatewayConfigImpl(), new KnoxCLI(), args);
System.exit(res);
}
+
+ private static void configureKerberosSecurity( GatewayConfig config ) {
+ System.setProperty(GatewayConfig.HADOOP_KERBEROS_SECURED, "true");
+ System.setProperty(GatewayConfig.KRB5_CONFIG, config.getKerberosConfig());
+ System.setProperty(GatewayConfig.KRB5_DEBUG, Boolean.toString(config.isKerberosDebugEnabled()));
+ System.setProperty(GatewayConfig.KRB5_LOGIN_CONFIG, config.getKerberosLoginConfig());
+ System.setProperty(GatewayConfig.KRB5_USE_SUBJECT_CREDS_ONLY, "false");
+ }
}