public virtual void TestLogin() { string userPrincipal = Runtime.GetProperty("user.principal"); string userKeyTab = Runtime.GetProperty("user.keytab"); NUnit.Framework.Assert.IsNotNull("User principal was not specified", userPrincipal ); NUnit.Framework.Assert.IsNotNull("User keytab was not specified", userKeyTab); Configuration conf = new Configuration(); conf.Set(CommonConfigurationKeys.HadoopSecurityAuthentication, "kerberos"); UserGroupInformation.SetConfiguration(conf); UserGroupInformation ugi = UserGroupInformation.LoginUserFromKeytabAndReturnUGI(userPrincipal , userKeyTab); Assert.Equal(UserGroupInformation.AuthenticationMethod.Kerberos , ugi.GetAuthenticationMethod()); try { UserGroupInformation.LoginUserFromKeytabAndReturnUGI("*****@*****.**", userKeyTab ); NUnit.Framework.Assert.Fail("Login should have failed"); } catch (Exception ex) { Runtime.PrintStackTrace(ex); } }
public virtual void TestSecureNameNode() { MiniDFSCluster cluster = null; try { string nnPrincipal = Runtime.GetProperty("dfs.namenode.kerberos.principal"); string nnSpnegoPrincipal = Runtime.GetProperty("dfs.namenode.kerberos.internal.spnego.principal" ); string nnKeyTab = Runtime.GetProperty("dfs.namenode.keytab.file"); NUnit.Framework.Assert.IsNotNull("NameNode principal was not specified", nnPrincipal ); NUnit.Framework.Assert.IsNotNull("NameNode SPNEGO principal was not specified", nnSpnegoPrincipal ); NUnit.Framework.Assert.IsNotNull("NameNode keytab was not specified", nnKeyTab); Configuration conf = new HdfsConfiguration(); conf.Set(CommonConfigurationKeys.HadoopSecurityAuthentication, "kerberos"); conf.Set(DFSConfigKeys.DfsNamenodeKerberosPrincipalKey, nnPrincipal); conf.Set(DFSConfigKeys.DfsNamenodeKerberosInternalSpnegoPrincipalKey, nnSpnegoPrincipal ); conf.Set(DFSConfigKeys.DfsNamenodeKeytabFileKey, nnKeyTab); cluster = new MiniDFSCluster.Builder(conf).NumDataNodes(NumOfDatanodes).Build(); MiniDFSCluster clusterRef = cluster; cluster.WaitActive(); FileSystem fsForCurrentUser = cluster.GetFileSystem(); fsForCurrentUser.Mkdirs(new Path("/tmp")); fsForCurrentUser.SetPermission(new Path("/tmp"), new FsPermission((short)511)); // The user specified should not be a superuser string userPrincipal = Runtime.GetProperty("user.principal"); string userKeyTab = Runtime.GetProperty("user.keytab"); NUnit.Framework.Assert.IsNotNull("User principal was not specified", userPrincipal ); NUnit.Framework.Assert.IsNotNull("User keytab was not specified", userKeyTab); UserGroupInformation ugi = UserGroupInformation.LoginUserFromKeytabAndReturnUGI(userPrincipal , userKeyTab); FileSystem fs = ugi.DoAs(new _PrivilegedExceptionAction_105(clusterRef)); try { Path p = new Path("/users"); fs.Mkdirs(p); NUnit.Framework.Assert.Fail("User must not be allowed to write in /"); } catch (IOException) { } Path p_1 = new Path("/tmp/alpha"); fs.Mkdirs(p_1); NUnit.Framework.Assert.IsNotNull(fs.ListStatus(p_1)); NUnit.Framework.Assert.AreEqual(UserGroupInformation.AuthenticationMethod.Kerberos , ugi.GetAuthenticationMethod()); } finally { if (cluster != null) { cluster.Shutdown(); } } }
/// <exception cref="System.Exception"/> public static void Main(string[] args) { if (args.Length != 4) { System.Console.Error.WriteLine("usage: ManualTestKeytabLogins <principal 1> <keytab 1> <principal 2> <keytab 2>" ); System.Environment.Exit(1); } UserGroupInformation ugi1 = UserGroupInformation.LoginUserFromKeytabAndReturnUGI( args[0], args[1]); System.Console.Out.WriteLine("UGI 1 = " + ugi1); Assert.True(ugi1.GetUserName().Equals(args[0])); UserGroupInformation ugi2 = UserGroupInformation.LoginUserFromKeytabAndReturnUGI( args[2], args[3]); System.Console.Out.WriteLine("UGI 2 = " + ugi2); Assert.True(ugi2.GetUserName().Equals(args[2])); }
/// <summary>Login via a UGI.</summary> /// <remarks>Login via a UGI. Requres UGI to have been set up</remarks> /// <param name="user">username</param> /// <param name="keytab">keytab to list</param> /// <returns>the UGI</returns> /// <exception cref="System.IO.IOException"/> public static UserGroupInformation LoginUGI(string user, FilePath keytab) { Log.Info("Logging in as {} from {}", user, keytab); return(UserGroupInformation.LoginUserFromKeytabAndReturnUGI(user, keytab.GetAbsolutePath ())); }