You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2016/09/14 16:09:59 UTC
[2/2] ambari git commit: Revert "AMBARI-18365. Add Ambari
configuration options to support Kerberos token authentication (rlevas)"
Revert "AMBARI-18365. Add Ambari configuration options to support Kerberos token authentication (rlevas)"
This reverts commit 70d2223a9bb39da3a9b8d7eaf05bbad3698a92c0.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c0e0a533
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c0e0a533
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c0e0a533
Branch: refs/heads/branch-2.5
Commit: c0e0a5331889d4a7578d54dee156666e9cd0396e
Parents: 3ebb8d4
Author: Robert Levas <rl...@hortonworks.com>
Authored: Wed Sep 14 12:08:39 2016 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Wed Sep 14 12:09:51 2016 -0400
----------------------------------------------------------------------
.../server/configuration/Configuration.java | 183 +------------------
.../server/configuration/ConfigurationTest.java | 136 +-------------
2 files changed, 2 insertions(+), 317 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/c0e0a533/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index b70c5f4..fa0f784 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -1,4 +1,4 @@
-/*
+/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -56,9 +56,7 @@ import org.apache.ambari.server.orm.PersistenceType;
import org.apache.ambari.server.orm.dao.HostRoleCommandStatusSummaryDTO;
import org.apache.ambari.server.orm.entities.StageEntity;
import org.apache.ambari.server.security.ClientSecurityType;
-import org.apache.ambari.server.security.authentication.kerberos.AmbariKerberosAuthenticationProperties;
import org.apache.ambari.server.security.authorization.LdapServerProperties;
-import org.apache.ambari.server.security.authorization.UserType;
import org.apache.ambari.server.security.authorization.jwt.JwtAuthenticationProperties;
import org.apache.ambari.server.security.encryption.CertificateUtils;
import org.apache.ambari.server.security.encryption.CredentialProvider;
@@ -70,7 +68,6 @@ import org.apache.ambari.server.utils.DateUtils;
import org.apache.ambari.server.utils.HostUtils;
import org.apache.ambari.server.utils.Parallel;
import org.apache.ambari.server.utils.ShellCommandUtil;
-import org.apache.ambari.server.utils.StageUtils;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.CommandLineParser;
import org.apache.commons.cli.DefaultParser;
@@ -1315,49 +1312,6 @@ public class Configuration {
public static final ConfigurationProperty<String> JWT_ORIGINAL_URL_QUERY_PARAM = new ConfigurationProperty<>(
"authentication.jwt.originalUrlParamName", "originalUrl");
- /* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- * Kerberos authentication-specific properties
- * =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= */
- /**
- * Determines whether to use Kerberos (SPNEGO) authentication when connecting Ambari.
- */
- @Markdown(description = "Determines whether to use Kerberos (SPNEGO) authentication when connecting Ambari.")
- public static final ConfigurationProperty<Boolean> KERBEROS_AUTH_ENABLED = new ConfigurationProperty<>(
- "authentication.kerberos.enabled", Boolean.FALSE);
-
- /**
- * The Kerberos principal name to use when verifying user-supplied Kerberos tokens for authentication via SPNEGO.
- */
- @Markdown(description = "The Kerberos principal name to use when verifying user-supplied Kerberos tokens for authentication via SPNEGO")
- public static final ConfigurationProperty<String> KERBEROS_AUTH_SPNEGO_PRINCIPAL = new ConfigurationProperty<>(
- "authentication.kerberos.spnego.principal", "HTTP/_HOST");
-
- /**
- * The Kerberos identity to use when verifying user-supplied Kerberos tokens for authentication via SPNEGO.
- */
- @Markdown(description = "The Kerberos keytab file to use when verifying user-supplied Kerberos tokens for authentication via SPNEGO")
- public static final ConfigurationProperty<String> KERBEROS_AUTH_SPNEGO_KEYTAB_FILE = new ConfigurationProperty<>(
- "authentication.kerberos.spnego.keytab.file", "/etc/security/keytabs/spnego.service.keytab");
-
- /**
- * A comma-delimited (ordered) list of preferred user types to use when finding the Ambari user
- * account for the user-supplied Kerberos identity during authentication via SPNEGO.
- */
- @Markdown(description = "A comma-delimited (ordered) list of preferred user types to use when finding the Ambari user account for the user-supplied Kerberos identity during authentication via SPNEGO")
- public static final ConfigurationProperty<String> KERBEROS_AUTH_USER_TYPES = new ConfigurationProperty<>(
- "authentication.kerberos.user.types", "LDAP");
-
- /**
- * The auth-to-local rules set to use when translating a user's principal name to a local user name
- * during authentication via SPNEGO.
- */
- @Markdown(description = "The auth-to-local rules set to use when translating a user's principal name to a local user name during authentication via SPNEGO.")
- public static final ConfigurationProperty<String> KERBEROS_AUTH_AUTH_TO_LOCAL_RULES = new ConfigurationProperty<>(
- "authentication.kerberos.auth_to_local.rules", "DEFAULT");
- /* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- * Kerberos authentication-specific properties (end)
- * =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= */
-
/**
* The type of connection pool to use with JDBC connections to the database.
*/
@@ -2352,11 +2306,6 @@ public class Configuration {
private Map<String, String> databaseConnectorNames = new HashMap<>();
private Map<String, String> databasePreviousConnectorNames = new HashMap<>();
- /**
- * The Kerberos authentication-specific properties container (for convenience)
- */
- private final AmbariKerberosAuthenticationProperties kerberosAuthenticationProperties;
-
static {
if (System.getProperty("os.name").contains("Windows")) {
DEF_ARCHIVE_EXTENSION = ".zip";
@@ -2562,9 +2511,6 @@ public class Configuration {
configsMap.put(CLIENT_API_SSL_CRT_PASS.getKey(), password);
}
- // Capture the Kerberos authentication-related properties
- kerberosAuthenticationProperties = createKerberosAuthenticationProperties();
-
loadSSLParams();
}
@@ -4491,15 +4437,6 @@ public class Configuration {
}
/**
- * Gets the Kerberos authentication-specific properties container
- *
- * @return an AmbariKerberosAuthenticationProperties
- */
- public AmbariKerberosAuthenticationProperties getKerberosAuthenticationProperties() {
- return kerberosAuthenticationProperties;
- }
-
- /**
* Ambari server temp dir
* @return server temp dir
*/
@@ -5107,122 +5044,4 @@ public class Configuration {
String value();
}
- /**
- * Creates an AmbariKerberosAuthenticationProperties instance containing the Kerberos authentication-specific
- * properties.
- *
- * The relevant properties are processed to set any default values or translate the propery values
- * into usable data for the Kerberos authentication logic.
- *
- * @return
- */
- private AmbariKerberosAuthenticationProperties createKerberosAuthenticationProperties() {
- AmbariKerberosAuthenticationProperties kerberosAuthProperties = new AmbariKerberosAuthenticationProperties();
-
- kerberosAuthProperties.setKerberosAuthenticationEnabled(Boolean.valueOf(getProperty(KERBEROS_AUTH_ENABLED)));
-
- // if Kerberos authentication is enabled, continue; else ignore the rest of related properties since
- // they will not be used.
- if (!kerberosAuthProperties.isKerberosAuthenticationEnabled()) {
- return kerberosAuthProperties;
- }
-
- // Get and process the configured user type values to convert the comma-delimited string of
- // user types into a ordered (as found in the comma-delimited value) list of UserType values.
- String userTypes = getProperty(KERBEROS_AUTH_USER_TYPES);
- List<UserType> orderedUserTypes = new ArrayList<UserType>();
-
- String[] types = userTypes.split(",");
- for (String type : types) {
- type = type.trim();
-
- if (!type.isEmpty()) {
- try {
- orderedUserTypes.add(UserType.valueOf(type.toUpperCase()));
- } catch (IllegalArgumentException e) {
- throw new IllegalArgumentException(String.format("While processing ordered user types from %s, " +
- "%s was found to be an invalid user type.",
- KERBEROS_AUTH_USER_TYPES.getKey(), type), e);
- }
- }
- }
-
- // If no user types have been specified, assume only LDAP users...
- if (orderedUserTypes.isEmpty()) {
- LOG.info("No (valid) user types were specified in {}. Using the default value of LOCAL.",
- KERBEROS_AUTH_USER_TYPES.getKey());
- orderedUserTypes.add(UserType.LDAP);
- }
-
- kerberosAuthProperties.setOrderedUserTypes(orderedUserTypes);
-
- // Get and process the SPNEGO principal name. If it exists and contains the host replacement
- // indicator (_HOST), replace it with the hostname of the current host.
- String spnegoPrincipalName = getProperty(KERBEROS_AUTH_SPNEGO_PRINCIPAL);
-
- if ((spnegoPrincipalName != null) && (spnegoPrincipalName.contains("_HOST"))) {
- String hostName = StageUtils.getHostName();
-
- if (StringUtils.isEmpty(hostName)) {
- LOG.warn("Cannot replace _HOST in the configured SPNEGO principal name with the host name this host since it is not available");
- } else {
- LOG.info("Replacing _HOST in the configured SPNEGO principal name with the host name this host: {}", hostName);
- spnegoPrincipalName = spnegoPrincipalName.replaceAll("_HOST", hostName);
- }
- }
-
- kerberosAuthProperties.setSpnegoPrincipalName(spnegoPrincipalName);
-
- // Validate the SPNEGO principal name to ensure it was set.
- // Log any found issues.
- if (StringUtils.isEmpty(kerberosAuthProperties.getSpnegoPrincipalName())) {
- throw new IllegalArgumentException(String.format("The SPNEGO principal name specified in %s is empty. " +
- "This will cause issues authenticating users using Kerberos.",
- KERBEROS_AUTH_SPNEGO_PRINCIPAL.getKey()));
- }
-
- // Get the SPNEGO keytab file. There is nothing special to process for this value.
- kerberosAuthProperties.setSpnegoKeytabFilePath(getProperty(KERBEROS_AUTH_SPNEGO_KEYTAB_FILE));
-
- // Validate the SPNEGO keytab file to ensure it was set, it exists and it is readable by Ambari.
- // Log any found issues.
- if (StringUtils.isEmpty(kerberosAuthProperties.getSpnegoKeytabFilePath())) {
- throw new IllegalArgumentException(String.format("The SPNEGO keytab file path specified in %s is empty. " +
- "This will cause issues authenticating users using Kerberos.",
- KERBEROS_AUTH_SPNEGO_KEYTAB_FILE.getKey()));
- } else {
- File keytabFile = new File(kerberosAuthProperties.getSpnegoKeytabFilePath());
- if (!keytabFile.exists()) {
- throw new IllegalArgumentException(String.format("The SPNEGO keytab file path (%s) specified in %s does not exist. " +
- "This will cause issues authenticating users using Kerberos.",
- keytabFile.getAbsolutePath(), KERBEROS_AUTH_SPNEGO_KEYTAB_FILE.getKey()));
- } else if (!keytabFile.canRead()) {
- throw new IllegalArgumentException(String.format("The SPNEGO keytab file path (%s) specified in %s cannot be read. " +
- "This will cause issues authenticating users using Kerberos.",
- keytabFile.getAbsolutePath(), KERBEROS_AUTH_SPNEGO_KEYTAB_FILE.getKey()));
- }
- }
-
- // Get the auth-to-local rule set. There is nothing special to process for this value.
- kerberosAuthProperties.setAuthToLocalRules(getProperty(KERBEROS_AUTH_AUTH_TO_LOCAL_RULES));
-
- LOG.info("Kerberos authentication is enabled:\n " +
- "\t{}: {}\n" +
- "\t{}: {}\n" +
- "\t{}: {}\n" +
- "\t{}: {}\n" +
- "\t{}: {}\n",
- KERBEROS_AUTH_ENABLED.getKey(),
- kerberosAuthProperties.isKerberosAuthenticationEnabled(),
- KERBEROS_AUTH_SPNEGO_PRINCIPAL.getKey(),
- kerberosAuthProperties.getSpnegoPrincipalName(),
- KERBEROS_AUTH_SPNEGO_KEYTAB_FILE.getKey(),
- kerberosAuthProperties.getSpnegoKeytabFilePath(),
- KERBEROS_AUTH_USER_TYPES.getKey(),
- kerberosAuthProperties.getOrderedUserTypes(),
- KERBEROS_AUTH_AUTH_TO_LOCAL_RULES.getKey(),
- kerberosAuthProperties.getAuthToLocalRules());
-
- return kerberosAuthProperties;
- }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c0e0a533/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
index 0397288..f9b76f8 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
@@ -1,4 +1,4 @@
-/*
+/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -30,8 +30,6 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
-import java.util.Arrays;
-import java.util.Collections;
import java.util.Map;
import java.util.Properties;
@@ -42,11 +40,8 @@ import org.apache.ambari.server.configuration.Configuration.ConfigurationPropert
import org.apache.ambari.server.configuration.Configuration.ConnectionPoolType;
import org.apache.ambari.server.configuration.Configuration.DatabaseType;
import org.apache.ambari.server.controller.metrics.ThreadPoolEnabledPropertyProvider;
-import org.apache.ambari.server.security.authentication.kerberos.AmbariKerberosAuthenticationProperties;
import org.apache.ambari.server.security.authorization.LdapServerProperties;
-import org.apache.ambari.server.security.authorization.UserType;
import org.apache.ambari.server.state.services.MetricsRetrievalService;
-import org.apache.ambari.server.utils.StageUtils;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
@@ -925,133 +920,4 @@ public class ConfigurationTest {
StringUtils.isEmpty(markdown.description()));
}
}
-
- /**
- * Tests that the Kerberos-authentication properties are read and properly and set in an
- * {@link AmbariKerberosAuthenticationProperties} instance when Kerberos authentication is enabled.
- */
- @Test
- public void testKerberosAuthenticationEnabled() throws IOException {
- File keytabFile = temp.newFile("spnego.service.keytab");
-
- Properties properties = new Properties();
- properties.put(Configuration.KERBEROS_AUTH_ENABLED.getKey(), "true");
- properties.put(Configuration.KERBEROS_AUTH_SPNEGO_KEYTAB_FILE.getKey(), keytabFile.getAbsolutePath());
- properties.put(Configuration.KERBEROS_AUTH_SPNEGO_PRINCIPAL.getKey(), "spnego/principal@REALM");
- properties.put(Configuration.KERBEROS_AUTH_USER_TYPES.getKey(), "LDAP, LOCAL");
- properties.put(Configuration.KERBEROS_AUTH_AUTH_TO_LOCAL_RULES.getKey(), "DEFAULT");
-
- Configuration configuration = new Configuration(properties);
-
- AmbariKerberosAuthenticationProperties kerberosAuthenticationProperties = configuration.getKerberosAuthenticationProperties();
-
- Assert.assertTrue(kerberosAuthenticationProperties.isKerberosAuthenticationEnabled());
- Assert.assertEquals(keytabFile.getAbsolutePath(), kerberosAuthenticationProperties.getSpnegoKeytabFilePath());
- Assert.assertEquals("spnego/principal@REALM", kerberosAuthenticationProperties.getSpnegoPrincipalName());
- Assert.assertEquals("DEFAULT", kerberosAuthenticationProperties.getAuthToLocalRules());
- Assert.assertEquals(Arrays.asList(UserType.LDAP, UserType.LOCAL), kerberosAuthenticationProperties.getOrderedUserTypes());
- }
-
- /**
- * Tests that the Kerberos-authentication properties are read and properly and set in an
- * {@link AmbariKerberosAuthenticationProperties} instance when Kerberos authentication is enabled
- * and default values are expected to be used for unset properties.
- */
- @Test
- public void testKerberosAuthenticationEnabledUsingDefaults() throws IOException {
- File keytabFile = temp.newFile("spnego.service.keytab");
-
- Properties properties = new Properties();
- properties.put(Configuration.KERBEROS_AUTH_ENABLED.getKey(), "true");
- // Force a specific path to the SPNEGO keytab file since internal validation expects to exist
- properties.put(Configuration.KERBEROS_AUTH_SPNEGO_KEYTAB_FILE.getKey(), keytabFile.getAbsolutePath());
-
- Configuration configuration = new Configuration(properties);
-
- AmbariKerberosAuthenticationProperties kerberosAuthenticationProperties = configuration.getKerberosAuthenticationProperties();
-
- Assert.assertTrue(kerberosAuthenticationProperties.isKerberosAuthenticationEnabled());
- Assert.assertEquals(keytabFile.getAbsolutePath(), kerberosAuthenticationProperties.getSpnegoKeytabFilePath());
- Assert.assertEquals("HTTP/" + StageUtils.getHostName(), kerberosAuthenticationProperties.getSpnegoPrincipalName());
- Assert.assertEquals("DEFAULT", kerberosAuthenticationProperties.getAuthToLocalRules());
- Assert.assertEquals(Collections.singletonList(UserType.LDAP), kerberosAuthenticationProperties.getOrderedUserTypes());
- }
-
- /**
- * Tests that the Kerberos-authentication properties are read and properly set in an
- * {@link AmbariKerberosAuthenticationProperties} instance when Kerberos authentication is disabled.
- */
- @Test
- public void testKerberosAuthenticationDisabled() {
- Properties properties = new Properties();
- properties.put(Configuration.KERBEROS_AUTH_ENABLED.getKey(), "false");
-
- Configuration configuration = new Configuration(properties);
-
- AmbariKerberosAuthenticationProperties kerberosAuthenticationProperties = configuration.getKerberosAuthenticationProperties();
-
- Assert.assertFalse(kerberosAuthenticationProperties.isKerberosAuthenticationEnabled());
- Assert.assertNull(kerberosAuthenticationProperties.getSpnegoKeytabFilePath());
- Assert.assertNull(kerberosAuthenticationProperties.getSpnegoPrincipalName());
- Assert.assertNull(kerberosAuthenticationProperties.getAuthToLocalRules());
- Assert.assertEquals(Collections.emptyList(), kerberosAuthenticationProperties.getOrderedUserTypes());
- }
-
- @Test
- public void testKerberosAuthenticationDisabledWithValuesSet() {
- Properties properties = new Properties();
- properties.put(Configuration.KERBEROS_AUTH_ENABLED.getKey(), "false");
- properties.put(Configuration.KERBEROS_AUTH_SPNEGO_KEYTAB_FILE.getKey(), "/path/to/spnego/keytab/file");
- properties.put(Configuration.KERBEROS_AUTH_SPNEGO_PRINCIPAL.getKey(), "spnego/principal@REALM");
- properties.put(Configuration.KERBEROS_AUTH_USER_TYPES.getKey(), "LDAP, LOCAL");
- properties.put(Configuration.KERBEROS_AUTH_AUTH_TO_LOCAL_RULES.getKey(), "DEFAULT");
-
- Configuration configuration = new Configuration(properties);
-
- AmbariKerberosAuthenticationProperties kerberosAuthenticationProperties = configuration.getKerberosAuthenticationProperties();
-
- Assert.assertFalse(kerberosAuthenticationProperties.isKerberosAuthenticationEnabled());
- Assert.assertNull(kerberosAuthenticationProperties.getSpnegoKeytabFilePath());
- Assert.assertNull(kerberosAuthenticationProperties.getSpnegoPrincipalName());
- Assert.assertNull(kerberosAuthenticationProperties.getAuthToLocalRules());
- Assert.assertEquals(Collections.emptyList(), kerberosAuthenticationProperties.getOrderedUserTypes());
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void testKerberosAuthenticationEmptySPNEGOPrincipalName() throws IOException {
- File keytabFile = temp.newFile("spnego.service.keytab");
-
- Properties properties = new Properties();
- properties.put(Configuration.KERBEROS_AUTH_ENABLED.getKey(), "true");
- properties.put(Configuration.KERBEROS_AUTH_SPNEGO_KEYTAB_FILE.getKey(), keytabFile.getAbsolutePath());
- properties.put(Configuration.KERBEROS_AUTH_SPNEGO_PRINCIPAL.getKey(), "");
- properties.put(Configuration.KERBEROS_AUTH_USER_TYPES.getKey(), "LDAP, LOCAL");
- properties.put(Configuration.KERBEROS_AUTH_AUTH_TO_LOCAL_RULES.getKey(), "DEFAULT");
-
- new Configuration(properties);
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void testKerberosAuthenticationEmptySPNEGOKeytabFile() {
- Properties properties = new Properties();
- properties.put(Configuration.KERBEROS_AUTH_ENABLED.getKey(), "true");
- properties.put(Configuration.KERBEROS_AUTH_SPNEGO_KEYTAB_FILE.getKey(), "");
- properties.put(Configuration.KERBEROS_AUTH_SPNEGO_PRINCIPAL.getKey(), "spnego/principal@REALM");
- properties.put(Configuration.KERBEROS_AUTH_USER_TYPES.getKey(), "LDAP, LOCAL");
- properties.put(Configuration.KERBEROS_AUTH_AUTH_TO_LOCAL_RULES.getKey(), "DEFAULT");
-
- new Configuration(properties);
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void testKerberosAuthenticationSPNEGOKeytabFileNotFound() {
- Properties properties = new Properties();
- properties.put(Configuration.KERBEROS_AUTH_ENABLED.getKey(), "true");
- properties.put(Configuration.KERBEROS_AUTH_SPNEGO_KEYTAB_FILE.getKey(), "/path/to/missing/spnego/keytab/file");
- properties.put(Configuration.KERBEROS_AUTH_SPNEGO_PRINCIPAL.getKey(), "spnego/principal@REALM");
- properties.put(Configuration.KERBEROS_AUTH_USER_TYPES.getKey(), "LDAP, LOCAL");
- properties.put(Configuration.KERBEROS_AUTH_AUTH_TO_LOCAL_RULES.getKey(), "DEFAULT");
-
- new Configuration(properties);
- }
}