Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 05:00:06 UTC

svn commit: r1077288 - /hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java

Author: omalley
Date: Fri Mar  4 04:00:06 2011
New Revision: 1077288

URL: http://svn.apache.org/viewvc?rev=1077288&view=rev
Log:
commit c5a839ba56a30bc77e12f47056e651e1cc183b3c
Author: Jakob Homan <jh...@yahoo-inc.com>
Date:   Thu Mar 4 19:05:52 2010 -0800

    HDFS:1024 from https://issues.apache.org/jira/secure/attachment/12437962/HADOOP-1023-Y20-1.patch
    
    +++ b/YAHOO-CHANGES.txt
    +    HDFS-1023. Allow http server to start as regular user if https
    +    principal is not defined. (jhoman)
    +

Modified:
    hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java

Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java?rev=1077288&r1=1077287&r2=1077288&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java Fri Mar  4 04:00:06 2011
@@ -222,9 +222,19 @@ public class NameNode implements ClientP
   }
 
   private void startHttpServer(final Configuration conf) throws IOException {
-    // Kerberized SSL servers must be run from the host principal...
-    DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, 
-        DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY);
+    if(UserGroupInformation.isSecurityEnabled()) {
+      String httpsUser = conf.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY);
+      if(httpsUser == null) {
+        LOG.warn(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY + 
+            " not defined in config. Starting http server as " 
+            + DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY
+        	  +	": Kerberized SSL may be not function correctly.");
+      } else {
+        // Kerberized SSL servers must be run from the host principal...
+        LOG.info("Logging in as " + httpsUser + " to start http server.");
+        DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, httpsUser);
+      }
+    }
     UserGroupInformation ugi = UserGroupInformation.getLoginUser();
     try {
       this.httpServer = ugi.doAs(new PrivilegedExceptionAction<HttpServer>() {
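Review bot: The new call `DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, httpsUser)` passes the resolved principal as its third argument, whereas the removed call and the re-login in the `finally` block of the second hunk pass a configuration key there. DFSUtil.login is not visible in this diff, but if it looks that argument up in `conf`, the lookup would miss and the HTTP server would presumably not start under the HTTPS host principal even though the log line says it does. Passing the key as before, `DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY);`, keeps both call sites consistent while `httpsUser` still serves the null check and the info message. The warning above it has a related slip: it concatenates the constant `DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY`, so the operator sees a property name rather than the principal the server actually runs as; the info message in the second hunk does the same. The body of startHttpServer continues outside this hunk.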
@@ -287,9 +297,14 @@ public class NameNode implements ClientP
     } catch (InterruptedException e) {
       throw new IOException(e);
     } finally {
-      // Go back to being the correct Namenode principal
-      DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
-          DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY);
+      if(UserGroupInformation.isSecurityEnabled() && 
+          conf.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY) != null) {
+        // Go back to being the correct Namenode principal
+        LOG.info("Logging back in as " + DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY 
+            + " following http server start.");
+        DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
+            DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY);
+      }
     }
  }
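Review bot: The guard in this `finally` block re-evaluates `UserGroupInformation.isSecurityEnabled()` and `conf.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY) != null` instead of reusing the decision taken before the `try`, so the switch to the HTTPS principal and the switch back are tied together only by two separately written conditions. Recording the decision once at the top of the method, for example `final boolean switchedPrincipal = UserGroupInformation.isSecurityEnabled() && httpsUser != null;`, and testing `if (switchedPrincipal)` here makes it explicit that the NameNode returns to its own principal exactly when it left it. A short comment stating that the process must not keep running under the HTTPS host principal after the server has started would document why the re-login sits in `finally`. The method starts outside this hunk, so the flag would be declared in the first hunk's region.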