Package org.apache.hadoop.security.authentication.util

Class KerberosName

java.lang.Object
org.apache.hadoop.security.authentication.util.KerberosName
@LimitedPrivate({"HDFS","MapReduce"}) @Evolving public class KerberosName extends Object
This class implements parsing and handling of Kerberos principal names. In particular, it splits them apart and translates them down into local operating system names.

  • Field Details

    • MECHANISM_HADOOP

      public static final String MECHANISM_HADOOP
      Constant that defines auth_to_local legacy hadoop evaluation
      See Also:

    • MECHANISM_MIT

      public static final String MECHANISM_MIT
      Constant that defines auth_to_local MIT evaluation
      See Also:

    • DEFAULT_MECHANISM

      public static final String DEFAULT_MECHANISM
      Constant that defines the default behavior of the rule mechanism
      See Also:

  • Constructor Details

    • KerberosName

      public KerberosName(String name)
      Create a name from the full Kerberos principal name.
      Parameters:
      name - full Kerberos principal name.

  • Method Details

    • resetDefaultRealm

      @VisibleForTesting public static void resetDefaultRealm()

    • getDefaultRealm

      public static String getDefaultRealm()
      Get the configured default realm. Used syncronized method here, because double-check locking is overhead.
      Returns:
      the default realm from the krb5.conf

    • toString

      public String toString()
      Put the name back together from the parts.
      Overrides:
      toString in class Object

    • getServiceName

      public String getServiceName()
      Get the first component of the name.
      Returns:
      the first section of the Kerberos principal name

    • getHostName

      public String getHostName()
      Get the second component of the name.
      Returns:
      the second section of the Kerberos principal name, and may be null

    • getRealm

      public String getRealm()
      Get the realm of the name.
      Returns:
      the realm of the name, may be null

    • getShortName

      public String getShortName() throws IOException
      Get the translation of the principal name into an operating system user name.
      Returns:
      the short name
      Throws:
      IOException - throws if something is wrong with the rules

    • getRules

      public static String getRules()
      Get the rules.
      Returns:
      String of configured rules, or null if not yet configured

    • hasRulesBeenSet

      public static boolean hasRulesBeenSet()
      Indicates if the name rules have been set.
      Returns:
      if the name rules have been set.

    • hasRuleMechanismBeenSet

      public static boolean hasRuleMechanismBeenSet()
      Indicates of the rule mechanism has been set
      Returns:
      if the rule mechanism has been set.

    • setRules

      public static void setRules(String ruleString)
      Set the rules.
      Parameters:
      ruleString - the rules string.

    • setRuleMechanism

      public static void setRuleMechanism(String ruleMech)
      Parameters:
      ruleMech - the evaluation type: hadoop, mit 'hadoop' indicates '@' or '/' are not allowed the result evaluation. 'MIT' indicates that auth_to_local rules follow MIT Kerberos evaluation.

    • getRuleMechanism

      public static String getRuleMechanism()
      Get the rule evaluation mechanism
      Returns:
      the rule evaluation mechanism