You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by zj...@apache.org on 2015/02/11 20:48:55 UTC
[37/50] [abbrv] hadoop git commit: HADOOP-11554. Expose
HadoopKerberosName as a hadoop subcommand (aw)
HADOOP-11554. Expose HadoopKerberosName as a hadoop subcommand (aw)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/cfd8a217
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/cfd8a217
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/cfd8a217
Branch: refs/heads/YARN-2928
Commit: cfd8a2174afb1140b5042d913782b24615f32bfe
Parents: c3da2db
Author: Allen Wittenauer <aw...@apache.org>
Authored: Wed Feb 11 07:40:39 2015 -0800
Committer: Allen Wittenauer <aw...@apache.org>
Committed: Wed Feb 11 07:40:39 2015 -0800
----------------------------------------------------------------------
hadoop-common-project/hadoop-common/CHANGES.txt | 2 ++
hadoop-common-project/hadoop-common/src/main/bin/hadoop | 4 ++++
.../hadoop-common/src/main/bin/hadoop.cmd | 6 +++++-
.../hadoop-common/src/site/markdown/CommandsManual.md | 10 ++++++++++
.../hadoop-common/src/site/markdown/SecureMode.md | 2 ++
5 files changed, 23 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/cfd8a217/hadoop-common-project/hadoop-common/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index 1536e44..e2f1761 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -27,6 +27,8 @@ Trunk (Unreleased)
HADOOP-8934. Shell command ls should include sort options (Jonathan Allen
via aw)
+ HADOOP-11554. Expose HadoopKerberosName as a hadoop subcommand (aw)
+
IMPROVEMENTS
HADOOP-8017. Configure hadoop-main pom to get rid of M2E plugin execution
http://git-wip-us.apache.org/repos/asf/hadoop/blob/cfd8a217/hadoop-common-project/hadoop-common/src/main/bin/hadoop
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/bin/hadoop b/hadoop-common-project/hadoop-common/src/main/bin/hadoop
index d689bda..42e4e83 100755
--- a/hadoop-common-project/hadoop-common/src/main/bin/hadoop
+++ b/hadoop-common-project/hadoop-common/src/main/bin/hadoop
@@ -38,6 +38,7 @@ function hadoop_usage()
echo " note: please use \"yarn jar\" to launch"
echo " YARN applications, not this command."
echo " jnipath prints the java.library.path"
+ echo " kerbname show auth_to_local principal conversion"
echo " key manage keys via the KeyProvider"
echo " trace view and modify Hadoop tracing settings"
echo " version print the version"
@@ -156,6 +157,9 @@ case ${COMMAND} in
echo "${JAVA_LIBRARY_PATH}"
exit 0
;;
+ kerbname)
+ CLASS=org.apache.hadoop.security.HadoopKerberosName
+ ;;
key)
CLASS=org.apache.hadoop.crypto.key.KeyShell
;;
http://git-wip-us.apache.org/repos/asf/hadoop/blob/cfd8a217/hadoop-common-project/hadoop-common/src/main/bin/hadoop.cmd
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/bin/hadoop.cmd b/hadoop-common-project/hadoop-common/src/main/bin/hadoop.cmd
index f612ace..c600fd1 100644
--- a/hadoop-common-project/hadoop-common/src/main/bin/hadoop.cmd
+++ b/hadoop-common-project/hadoop-common/src/main/bin/hadoop.cmd
@@ -146,7 +146,7 @@ call :updatepath %HADOOP_BIN_PATH%
)
)
- set corecommands=fs version jar checknative distcp daemonlog archive classpath credential key
+ set corecommands=fs version jar checknative distcp daemonlog archive classpath credential kerbname key
for %%i in ( %corecommands% ) do (
if %hadoop-command% == %%i set corecommand=true
)
@@ -215,6 +215,10 @@ call :updatepath %HADOOP_BIN_PATH%
set CLASS=org.apache.hadoop.security.alias.CredentialShell
goto :eof
+:kerbname
+ set CLASS=org.apache.hadoop.security.HadoopKerberosName
+ goto :eof
+
:key
set CLASS=org.apache.hadoop.crypto.key.KeyShell
goto :eof
http://git-wip-us.apache.org/repos/asf/hadoop/blob/cfd8a217/hadoop-common-project/hadoop-common/src/site/markdown/CommandsManual.md
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/site/markdown/CommandsManual.md b/hadoop-common-project/hadoop-common/src/site/markdown/CommandsManual.md
index b9c92c4..f0c0367 100644
--- a/hadoop-common-project/hadoop-common/src/site/markdown/CommandsManual.md
+++ b/hadoop-common-project/hadoop-common/src/site/markdown/CommandsManual.md
@@ -27,6 +27,7 @@
* [fs](#fs)
* [jar](#jar)
* [jnipath](#jnipath)
+ * [kerbname](#kerbname)
* [key](#key)
* [trace](#trace)
* [version](#version)
@@ -175,6 +176,15 @@ Usage: `hadoop jnipath`
Print the computed java.library.path.
+### `kerbname`
+
+ Usage: <<<hadoop kerbname principal>>>
+
+ Convert the named principal via the auth_to_local rules to the Hadoop
+ user name.
+
+ Example: <<<hadoop kerbname user@EXAMPLE.COM>>>
+
### `key`
Manage keys via the KeyProvider.
http://git-wip-us.apache.org/repos/asf/hadoop/blob/cfd8a217/hadoop-common-project/hadoop-common/src/site/markdown/SecureMode.md
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/site/markdown/SecureMode.md b/hadoop-common-project/hadoop-common/src/site/markdown/SecureMode.md
index ae057bc..f0e1f1f 100644
--- a/hadoop-common-project/hadoop-common/src/site/markdown/SecureMode.md
+++ b/hadoop-common-project/hadoop-common/src/site/markdown/SecureMode.md
@@ -162,6 +162,8 @@ Hadoop maps Kerberos principal to OS user account using the rule specified by `h
By default, it picks the first component of principal name as a user name if the realms matches to the `default_realm` (usually defined in /etc/krb5.conf). For example, `host/full.qualified.domain.name@REALM.TLD` is mapped to `host` by default rule.
+Custom rules can be tested using the <<<hadoop kerbname>>> command. This command allows one to specify a principal and apply Hadoop's current auth_to_local ruleset. The output will be what identity Hadoop will use for its usage.
+
### Mapping from user to group
Though files on HDFS are associated to owner and group, Hadoop does not have the definition of group by itself. Mapping from user to group is done by OS or LDAP.