You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@accumulo.apache.org by el...@apache.org on 2015/02/13 22:42:19 UTC

[1/2] accumulo git commit: ACCUMULO-3582 Disable auth timeout when using Kerberos

Repository: accumulo
Updated Branches:
  refs/heads/master 2c9833171 -> 47f5d4ed4


ACCUMULO-3582 Disable auth timeout when using Kerberos

The local credentials cache is already sufficient for
expiring credentials -- the shell doesn't need to be inserting
itself and trying to also do it.


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/54f260ee
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/54f260ee
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/54f260ee

Branch: refs/heads/master
Commit: 54f260ee9b2bdf08ec6c330331ba27d5fd1638ca
Parents: 2c98331
Author: Josh Elser <el...@apache.org>
Authored: Fri Feb 13 15:23:56 2015 -0500
Committer: Josh Elser <el...@apache.org>
Committed: Fri Feb 13 15:23:56 2015 -0500

----------------------------------------------------------------------
 shell/src/main/java/org/apache/accumulo/shell/Shell.java        | 5 +++++
 .../src/main/java/org/apache/accumulo/shell/ShellOptionsJC.java | 3 +++
 2 files changed, 8 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/54f260ee/shell/src/main/java/org/apache/accumulo/shell/Shell.java
----------------------------------------------------------------------
diff --git a/shell/src/main/java/org/apache/accumulo/shell/Shell.java b/shell/src/main/java/org/apache/accumulo/shell/Shell.java
index b63f291..e519a7c 100644
--- a/shell/src/main/java/org/apache/accumulo/shell/Shell.java
+++ b/shell/src/main/java/org/apache/accumulo/shell/Shell.java
@@ -285,6 +285,11 @@ public class Shell extends ShellOptions implements KeywordExecutable {
       return true;
     }
 
+    if (Boolean.parseBoolean(clientConf.get(ClientProperty.INSTANCE_RPC_SASL_ENABLED))) {
+      log.debug("SASL is enabled, disabling authorization timeout");
+      disableAuthTimeout = true;
+    }
+
     // get the options that were parsed
     final String user;
     try {

http://git-wip-us.apache.org/repos/asf/accumulo/blob/54f260ee/shell/src/main/java/org/apache/accumulo/shell/ShellOptionsJC.java
----------------------------------------------------------------------
diff --git a/shell/src/main/java/org/apache/accumulo/shell/ShellOptionsJC.java b/shell/src/main/java/org/apache/accumulo/shell/ShellOptionsJC.java
index be53d5d..4ba6de0 100644
--- a/shell/src/main/java/org/apache/accumulo/shell/ShellOptionsJC.java
+++ b/shell/src/main/java/org/apache/accumulo/shell/ShellOptionsJC.java
@@ -279,6 +279,9 @@ public class ShellOptionsJC {
   }
 
   public boolean isAuthTimeoutDisabled() {
+    if (useSasl()) {
+      return true;
+    }
     return authTimeoutDisabled;
   }

[2/2] accumulo git commit: ACCUMULO-3513 Fixing javadoc

Posted by el...@apache.org.

ACCUMULO-3513 Fixing javadoc


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/47f5d4ed
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/47f5d4ed
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/47f5d4ed

Branch: refs/heads/master
Commit: 47f5d4ed458bed2f078354843f395bc7b5b9bfae
Parents: 54f260e
Author: Josh Elser <el...@apache.org>
Authored: Fri Feb 13 16:41:26 2015 -0500
Committer: Josh Elser <el...@apache.org>
Committed: Fri Feb 13 16:41:26 2015 -0500

----------------------------------------------------------------------
 .../core/client/mapreduce/lib/impl/InputConfigurator.java |  2 +-
 .../core/client/security/tokens/DelegationToken.java      |  4 +---
 .../apache/accumulo/core/rpc/SaslConnectionParams.java    |  6 ------
 .../org/apache/accumulo/core/util/ThriftMessageUtil.java  |  8 ++++----
 docs/src/main/asciidoc/chapters/kerberos.txt              | 10 ++++++++++
 .../java/org/apache/accumulo/server/rpc/TServerUtils.java |  2 +-
 .../delegation/AuthenticationTokenSecretManager.java      |  2 +-
 7 files changed, 18 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/47f5d4ed/core/src/main/java/org/apache/accumulo/core/client/mapreduce/lib/impl/InputConfigurator.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/client/mapreduce/lib/impl/InputConfigurator.java b/core/src/main/java/org/apache/accumulo/core/client/mapreduce/lib/impl/InputConfigurator.java
index 6a64166..e7af1ae 100644
--- a/core/src/main/java/org/apache/accumulo/core/client/mapreduce/lib/impl/InputConfigurator.java
+++ b/core/src/main/java/org/apache/accumulo/core/client/mapreduce/lib/impl/InputConfigurator.java
@@ -644,7 +644,7 @@ public class InputConfigurator extends ConfiguratorBase {
    *          the Hadoop configuration object to configure
    * @param conn
    *          the Connector
-   * @see 1.7.0
+   * @since 1.7.0
    */
   public static void validatePermissions(Class<?> implementingClass, Configuration conf, Connector conn) throws IOException {
     Map<String,InputTableConfig> inputTableConfigs = getInputTableConfigs(implementingClass, conf);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/47f5d4ed/core/src/main/java/org/apache/accumulo/core/client/security/tokens/DelegationToken.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/client/security/tokens/DelegationToken.java b/core/src/main/java/org/apache/accumulo/core/client/security/tokens/DelegationToken.java
index bc0251f..cc4864a 100644
--- a/core/src/main/java/org/apache/accumulo/core/client/security/tokens/DelegationToken.java
+++ b/core/src/main/java/org/apache/accumulo/core/client/security/tokens/DelegationToken.java
@@ -99,9 +99,7 @@ public class DelegationToken extends PasswordToken {
   }
 
   /**
-   * The service name used to identify this {@link Token}
-   *
-   * @see Token#Constructor(byte[], byte[], Text, Text)
+   * The service name used to identify the {@link Token}
    */
   public Text getServiceName() {
     checkNotNull(identifier);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/47f5d4ed/core/src/main/java/org/apache/accumulo/core/rpc/SaslConnectionParams.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/rpc/SaslConnectionParams.java b/core/src/main/java/org/apache/accumulo/core/rpc/SaslConnectionParams.java
index 10438de..33392b9 100644
--- a/core/src/main/java/org/apache/accumulo/core/rpc/SaslConnectionParams.java
+++ b/core/src/main/java/org/apache/accumulo/core/rpc/SaslConnectionParams.java
@@ -131,12 +131,6 @@ public class SaslConnectionParams {
   protected CallbackHandler callbackHandler;
   protected final Map<String,String> saslProperties;
 
-  /**
-   * Generate an {@link SaslConnectionParams} instance given the provided {@link AccumuloConfiguration}. The provided configuration is converted into a
-   * {@link ClientConfiguration}, ignoring any properties which are not {@link ClientProperty}s. If SASL is not being used, a null object will be returned.
-   * Callers should strive to use {@link #forConfig(ClientConfiguration)}; server processes are the only intended consumers of this method.
-   *
-   */
   public SaslConnectionParams(AccumuloConfiguration conf, AuthenticationToken token) {
     this(new ClientConfiguration(new MapConfiguration(getProperties(conf))), token);
   }

http://git-wip-us.apache.org/repos/asf/accumulo/blob/47f5d4ed/core/src/main/java/org/apache/accumulo/core/util/ThriftMessageUtil.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/util/ThriftMessageUtil.java b/core/src/main/java/org/apache/accumulo/core/util/ThriftMessageUtil.java
index c79aac0..611d21c 100644
--- a/core/src/main/java/org/apache/accumulo/core/util/ThriftMessageUtil.java
+++ b/core/src/main/java/org/apache/accumulo/core/util/ThriftMessageUtil.java
@@ -48,7 +48,7 @@ public class ThriftMessageUtil {
   }
 
   /**
-   * Convert the {@link msg} to a byte array representation
+   * Convert the {@code msg} to a byte array representation
    *
    * @param msg
    *          The message to serialize
@@ -69,7 +69,7 @@ public class ThriftMessageUtil {
   }
 
   /**
-   * @see #deserialize(byte[], int, int, T)
+   * @see #deserialize(byte[], int, int, TBase)
    */
   public <T extends TBase<?,?>> T deserialize(ByteBuffer serialized, T instance) throws IOException {
     checkNotNull(serialized);
@@ -77,7 +77,7 @@ public class ThriftMessageUtil {
   }
 
   /**
-   * Assumes the entire contents of the byte array compose the serialized {@link instance}
+   * Assumes the entire contents of the byte array compose the serialized {@code instance}
    *
    * @see #deserialize(byte[], int, int, TBase)
    */
@@ -86,7 +86,7 @@ public class ThriftMessageUtil {
   }
 
   /**
-   * Deserializes a message into the provided {@link instance} from {@link serialized}
+   * Deserializes a message into the provided {@code instance} from {@code serialized}
    *
    * @param serialized
    *          The serialized representation of the object

http://git-wip-us.apache.org/repos/asf/accumulo/blob/47f5d4ed/docs/src/main/asciidoc/chapters/kerberos.txt
----------------------------------------------------------------------
diff --git a/docs/src/main/asciidoc/chapters/kerberos.txt b/docs/src/main/asciidoc/chapters/kerberos.txt
index dc2484b..acaf3bc 100644
--- a/docs/src/main/asciidoc/chapters/kerberos.txt
+++ b/docs/src/main/asciidoc/chapters/kerberos.txt
@@ -182,6 +182,16 @@ configured for your nodes and that Accumulo is configured to use the FQDN. It
 is extremely important to use the FQDN in each of the "hosts" files for each
 Accumulo process: +masters+, +monitors+, +slaves+, +tracers+, and +gc+.
 
+Normally, no changes are needed in +accumulo-env.sh+ to enable Kerberos. Typically, the +krb5.conf+
+is installed on the local machine in +/etc/+, and the Java library implementations will look
+here to find the necessary configuration to communicate with the KDC. Some installations
+may require a different +krb5.conf+ to be used for Accumulo: +ACCUMULO_KRB5_CONF+ enables this.
+
++ACCUMULO_KRB5_CONF+ can be configured to a directory containing a file named +krb5.conf+ or
+the path to the file itself. This will be provided to all Accumulo server and client processes
+via the JVM system property +java.security.krb5.conf+. If the environment variable is not set,
++java.security.krb5.conf+ will not be set either.
+
 ===== KerberosAuthenticator
 
 The +KerberosAuthenticator+ is an implementation of the pluggable security interfaces

http://git-wip-us.apache.org/repos/asf/accumulo/blob/47f5d4ed/server/base/src/main/java/org/apache/accumulo/server/rpc/TServerUtils.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/rpc/TServerUtils.java b/server/base/src/main/java/org/apache/accumulo/server/rpc/TServerUtils.java
index 558b02e..93835be 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/rpc/TServerUtils.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/rpc/TServerUtils.java
@@ -464,7 +464,7 @@ public class TServerUtils {
 
   /**
    * @see #startTServer(HostAndPort, ThriftServerType, TimedProcessor, TProtocolFactory, String, String, int, int, long, long, SslConnectionParams,
-   *      org.apache.accumulo.core.rpc.SaslConnectionParams, long)
+   *      SaslServerConnectionParams, long)
    */
   public static ServerAddress startTServer(HostAndPort address, ThriftServerType serverType, TimedProcessor processor, String serverName, String threadName,
       int numThreads, int numSTThreads, long timeBetweenThreadChecks, long maxMessageSize, SslConnectionParams sslParams,

http://git-wip-us.apache.org/repos/asf/accumulo/blob/47f5d4ed/server/base/src/main/java/org/apache/accumulo/server/security/delegation/AuthenticationTokenSecretManager.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/delegation/AuthenticationTokenSecretManager.java b/server/base/src/main/java/org/apache/accumulo/server/security/delegation/AuthenticationTokenSecretManager.java
index 99173d2..4848609 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/delegation/AuthenticationTokenSecretManager.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/delegation/AuthenticationTokenSecretManager.java
@@ -187,7 +187,7 @@ public class AuthenticationTokenSecretManager extends SecretManager<Authenticati
   }
 
   /**
-   * Removes the {@link AuthenticationKey} from the local cache of keys using the provided {@link keyId}.
+   * Removes the {@link AuthenticationKey} from the local cache of keys using the provided {@code keyId}.
    *
    * @param keyId
    *          The unique ID for the {@link AuthenticationKey} to remove.