use of org.apache.hadoop.minikdc.MiniKdc in project hadoop by apache.
the class TestRollingFileSystemSinkWithSecureHdfs method initKdc.
/**
 * Starts a MiniKdc rooted at ROOT_TEST_DIR and provisions the Kerberos
 * identities used for testing a secure HDFS cluster.
 *
 * <p>Two keytab files are created in ROOT_TEST_DIR: {@code sink.keytab} for
 * {@code sink/localhost}, and {@code hdfs.keytab}, which is shared by
 * {@code hdfs/localhost} and {@code HTTP/localhost}. The keytab paths and the
 * realm-qualified principal names are published through the static fields
 * sinkKeytab, sinkPrincipal, hdfsKeytab, hdfsPrincipal and spnegoPrincipal.
 *
 * <p>A keytab carries the long-term keys of the principals it lists, so these
 * files are credentials for the test realm and belong only in the test
 * directory.
 *
 * @throws Exception thrown if the KDC setup fails
 */
@BeforeClass
public static void initKdc() throws Exception {
  final String sinkName = "sink/localhost";
  final String hdfsName = "hdfs/localhost";
  final String httpName = "HTTP/localhost";

  Properties kdcProperties = MiniKdc.createConf();
  kdc = new MiniKdc(kdcProperties, ROOT_TEST_DIR);
  kdc.start();

  // Sink identity: a single principal with its own keytab.
  File sinkKeytabPath = new File(ROOT_TEST_DIR, "sink.keytab");
  sinkKeytab = sinkKeytabPath.getAbsolutePath();
  kdc.createPrincipal(sinkKeytabPath, sinkName);
  sinkPrincipal = sinkName + "@" + kdc.getRealm();

  // HDFS identity: the service principal and the HTTP (SPNEGO) principal
  // are written to the same keytab file.
  File hdfsKeytabPath = new File(ROOT_TEST_DIR, "hdfs.keytab");
  hdfsKeytab = hdfsKeytabPath.getAbsolutePath();
  kdc.createPrincipal(hdfsKeytabPath, hdfsName, httpName);
  hdfsPrincipal = hdfsName + "@" + kdc.getRealm();
  spnegoPrincipal = httpName + "@" + kdc.getRealm();
}
use of org.apache.hadoop.minikdc.MiniKdc in project hadoop by apache.
the class TestKDiag method startMiniKdc.
/**
 * Starts a MiniKdc for the test class and prepares a Configuration that
 * selects Kerberos authentication.
 *
 * <p>The KDC working directory comes from the {@code test.dir} system
 * property and falls back to {@code target} when the property is unset.
 *
 * @throws Exception if the KDC cannot be started or the keytab cannot be
 *     created
 */
@BeforeClass
public static void startMiniKdc() throws Exception {
  String workDirName = System.getProperty("test.dir", "target");
  workDir = new File(workDirName);

  securityProperties = MiniKdc.createConf();
  kdc = new MiniKdc(securityProperties, workDir);
  kdc.start();

  // createKeytab is defined elsewhere in the class; it is called only after
  // the KDC is running. NOTE(review): presumably it registers the "foo"
  // principal with this KDC and writes its keytab - confirm against the helper.
  keytab = createKeytab("foo");

  Configuration kerberosConf = new Configuration();
  kerberosConf.set(HADOOP_SECURITY_AUTHENTICATION, "KERBEROS");
  conf = kerberosConf;
}
use of org.apache.hadoop.minikdc.MiniKdc in project hadoop by apache.
the class TestUGILoginFromKeytab method startMiniKdc.
/**
 * Switches UserGroupInformation to Kerberos authentication and starts a
 * MiniKdc in the directory returned by {@code folder.getRoot()} before each
 * test.
 *
 * @throws Exception if the KDC cannot be created or started
 */
@Before
public void startMiniKdc() throws Exception {
  // Kerberos authentication has to be selected first: without it, UGI aborts
  // any attempt to loginUserFromKeytab.
  Configuration kerberosConf = new Configuration();
  kerberosConf.set(
      CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
  // Static call, so the setting is not scoped to this test instance.
  // NOTE(review): confirm teardown restores it for tests sharing the JVM.
  UserGroupInformation.setConfiguration(kerberosConf);

  // NOTE(review): folder looks like a per-test temporary directory - confirm.
  workDir = folder.getRoot();
  kdc = new MiniKdc(MiniKdc.createConf(), workDir);
  kdc.start();
}
use of org.apache.hadoop.minikdc.MiniKdc in project hadoop by apache.
the class TestUGIWithMiniKdc method setupKdc.
/**
 * Starts a MiniKdc whose maximum and minimum ticket lifetime are both set
 * to "30", using the {@code test.dir} system property (default
 * {@code target}) as its working directory.
 *
 * @throws Exception if the KDC cannot be created or started
 */
private void setupKdc() throws Exception {
  // tgt expire time = 30 seconds: both bounds carry the same value.
  // NOTE(review): the unit is interpreted inside MiniKdc, not here - confirm
  // that "30" really means seconds for the MiniKdc version in use.
  final String ticketLifetime = "30";

  Properties shortTicketConf = MiniKdc.createConf();
  shortTicketConf.setProperty(MiniKdc.MAX_TICKET_LIFETIME, ticketLifetime);
  shortTicketConf.setProperty(MiniKdc.MIN_TICKET_LIFETIME, ticketLifetime);

  String kdcDirName = System.getProperty("test.dir", "target");
  kdc = new MiniKdc(shortTicketConf, new File(kdcDirName));
  kdc.start();
}
use of org.apache.hadoop.minikdc.MiniKdc in project hadoop by apache.
the class TestMover method initSecureConf.
/**
 * Prepares {@code conf} for a Kerberos- and HTTPS-secured test cluster used
 * by the Mover tests.
 *
 * <p>The method recreates the test directory, starts a MiniKdc in it,
 * switches UGI to Kerberos, creates the "mover" principals with one shared
 * keytab, and then fills in the NameNode, DataNode, web-authentication,
 * Mover and SSL settings before handing {@code conf} to {@code initConf}.
 * The fields {@code keytabFile} and {@code principal} are assigned as a side
 * effect.
 *
 * @param conf the configuration to populate in place
 * @throws Exception if the KDC, the principals or the SSL setup fail
 */
private void initSecureConf(Configuration conf) throws Exception {
  final String username = "mover";
  final String ephemeralLocalhost = "localhost:0";

  // Start from an empty directory. mkdirs() returns false when the directory
  // already exists, so the assertion also catches a failed delete.
  File baseDir = GenericTestUtils.getTestDir(TestMover.class.getSimpleName());
  FileUtil.fullyDelete(baseDir);
  Assert.assertTrue(baseDir.mkdirs());

  // NOTE(review): the KDC is held only in this local variable, so nothing
  // visible in this method can stop it later - confirm how it is shut down.
  Properties kdcProperties = MiniKdc.createConf();
  MiniKdc miniKdc = new MiniKdc(kdcProperties, baseDir);
  miniKdc.start();

  // UGI is switched to Kerberos through static calls; the assertion verifies
  // that the switch actually took effect before any principal is used.
  SecurityUtil.setAuthenticationMethod(
      UserGroupInformation.AuthenticationMethod.KERBEROS, conf);
  UserGroupInformation.setConfiguration(conf);
  KerberosName.resetDefaultRealm();
  Assert.assertTrue("Expected configuration to enable security",
      UserGroupInformation.isSecurityEnabled());

  keytabFile = new File(baseDir, username + ".keytab");
  String keytabPath = keytabFile.getAbsolutePath();

  // Windows will not reverse name lookup "127.0.0.1" to "localhost".
  String krbInstance = Path.WINDOWS ? "127.0.0.1" : "localhost";
  String serviceName = username + "/" + krbInstance;
  String httpName = "HTTP/" + krbInstance;
  principal = serviceName + "@" + miniKdc.getRealm();
  String spnegoPrincipal = httpName + "@" + miniKdc.getRealm();

  // All three principals go into one keytab file, so that file is the
  // credential for every role configured below.
  miniKdc.createPrincipal(keytabFile, username, serviceName, httpName);

  // NameNode and DataNode log in as the same principal from the same keytab.
  conf.set(DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, principal);
  conf.set(DFS_NAMENODE_KEYTAB_FILE_KEY, keytabPath);
  conf.set(DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, principal);
  conf.set(DFS_DATANODE_KEYTAB_FILE_KEY, keytabPath);
  conf.set(DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY, spnegoPrincipal);

  conf.setBoolean(DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true);
  // "authentication" is the weakest data-transfer protection level: peers
  // are authenticated, but the stream gets no integrity or privacy
  // protection. Adequate for a loopback test cluster.
  conf.set(DFS_DATA_TRANSFER_PROTECTION_KEY, "authentication");

  // Web endpoints are HTTPS only; port 0 leaves the port choice to the OS.
  conf.set(DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());
  conf.set(DFS_NAMENODE_HTTPS_ADDRESS_KEY, ephemeralLocalhost);
  conf.set(DFS_DATANODE_HTTPS_ADDRESS_KEY, ephemeralLocalhost);
  conf.setInt(IPC_CLIENT_CONNECT_MAX_RETRIES_ON_SASL_KEY, 10);

  // The Mover authenticates from the same keytab and principal.
  conf.setBoolean(DFS_MOVER_KEYTAB_ENABLED_KEY, true);
  conf.set(DFS_MOVER_ADDRESS_KEY, ephemeralLocalhost);
  conf.set(DFS_MOVER_KEYTAB_FILE_KEY, keytabPath);
  conf.set(DFS_MOVER_KERBEROS_PRINCIPAL_KEY, principal);

  // NOTE(review): setupSSLConfig presumably generates test keystores in
  // baseDir and the SSL config files on the classpath dir; the trailing
  // false looks like "no client certificate" - confirm in KeyStoreTestUtil.
  String keystoresDir = baseDir.getAbsolutePath();
  String sslConfDir = KeyStoreTestUtil.getClasspathDir(TestMover.class);
  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);
  conf.set(DFS_CLIENT_HTTPS_KEYSTORE_RESOURCE_KEY,
      KeyStoreTestUtil.getClientSSLConfigFileName());
  conf.set(DFS_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY,
      KeyStoreTestUtil.getServerSSLConfigFileName());

  initConf(conf);
}