You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 05:00:06 UTC
svn commit: r1077288 -
/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java
Author: omalley
Date: Fri Mar 4 04:00:06 2011
New Revision: 1077288
URL: http://svn.apache.org/viewvc?rev=1077288&view=rev
Log:
commit c5a839ba56a30bc77e12f47056e651e1cc183b3c
Author: Jakob Homan <jh...@yahoo-inc.com>
Date: Thu Mar 4 19:05:52 2010 -0800
HDFS:1024 from https://issues.apache.org/jira/secure/attachment/12437962/HADOOP-1023-Y20-1.patch
+++ b/YAHOO-CHANGES.txt
+ HDFS-1023. Allow http server to start as regular user if https
+ principal is not defined. (jhoman)
+
Modified:
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java
Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java?rev=1077288&r1=1077287&r2=1077288&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java Fri Mar 4 04:00:06 2011
@@ -222,9 +222,19 @@ public class NameNode implements ClientP
}
private void startHttpServer(final Configuration conf) throws IOException {
- // Kerberized SSL servers must be run from the host principal...
- DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
- DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY);
+ if(UserGroupInformation.isSecurityEnabled()) {
+ String httpsUser = conf.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY);
+ if(httpsUser == null) {
+ LOG.warn(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY +
+ " not defined in config. Starting http server as "
+ + DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY
+ + ": Kerberized SSL may be not function correctly.");
+ } else {
+ // Kerberized SSL servers must be run from the host principal...
+ LOG.info("Logging in as " + httpsUser + " to start http server.");
+ DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, httpsUser);
+ }
+ }
UserGroupInformation ugi = UserGroupInformation.getLoginUser();
try {
this.httpServer = ugi.doAs(new PrivilegedExceptionAction<HttpServer>() {
@@ -287,9 +297,14 @@ public class NameNode implements ClientP
} catch (InterruptedException e) {
throw new IOException(e);
} finally {
- // Go back to being the correct Namenode principal
- DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
- DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY);
+ if(UserGroupInformation.isSecurityEnabled() &&
+ conf.get(DFSConfigKeys.DFS_NAMENODE_KRB_HTTPS_USER_NAME_KEY) != null) {
+ // Go back to being the correct Namenode principal
+ LOG.info("Logging back in as " + DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY
+ + " following http server start.");
+ DFSUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
+ DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY);
+ }
}
}