You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by mo...@apache.org on 2020/04/30 09:54:28 UTC

[knox] branch master updated: KNOX-2348 - Fix knoxcli when kerberos auth is used (#331)

This is an automated email from the ASF dual-hosted git repository.

more pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new f4019ae  KNOX-2348 - Fix knoxcli when kerberos auth is used (#331)
f4019ae is described below

commit f4019ae33eca291ac19b87822e12b150eaea3b24
Author: Sandeep Moré <mo...@gmail.com>
AuthorDate: Thu Apr 30 05:54:21 2020 -0400

    KNOX-2348 - Fix knoxcli when kerberos auth is used (#331)
---
 .../src/main/java/org/apache/knox/gateway/util/KnoxCLI.java  | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/util/KnoxCLI.java b/gateway-server/src/main/java/org/apache/knox/gateway/util/KnoxCLI.java
index 9e5ab5d..dbf9e76 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/util/KnoxCLI.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/util/KnoxCLI.java
@@ -160,6 +160,7 @@ public class KnoxCLI extends Configured implements Tool {
       if (exitCode != 0) {
         return exitCode;
       }
+
       if (command != null && command.validate()) {
         initializeServices( command instanceof MasterCreateCommand );
         command.execute();
@@ -186,6 +187,9 @@ public class KnoxCLI extends Configured implements Tool {
 
   private void initializeServices(boolean persisting) throws ServiceLifecycleException {
     GatewayConfig config = getGatewayConfig();
+    if (config.isHadoopKerberosSecured()) {
+      configureKerberosSecurity(config);
+    }
     Map<String,String> options = new HashMap<>();
     options.put(GatewayCommandLine.PERSIST_LONG, Boolean.toString(persisting));
     if (master != null) {
@@ -2273,4 +2277,12 @@ public class KnoxCLI extends Configured implements Tool {
     int res = ToolRunner.run(new GatewayConfigImpl(), new KnoxCLI(), args);
     System.exit(res);
   }
+
+  private static void configureKerberosSecurity( GatewayConfig config ) {
+    System.setProperty(GatewayConfig.HADOOP_KERBEROS_SECURED, "true");
+    System.setProperty(GatewayConfig.KRB5_CONFIG, config.getKerberosConfig());
+    System.setProperty(GatewayConfig.KRB5_DEBUG, Boolean.toString(config.isKerberosDebugEnabled()));
+    System.setProperty(GatewayConfig.KRB5_LOGIN_CONFIG, config.getKerberosLoginConfig());
+    System.setProperty(GatewayConfig.KRB5_USE_SUBJECT_CREDS_ONLY,  "false");
+  }
 }