java.lang.Object
org.apache.accumulo.core.client.security.tokens.KerberosToken
All Implemented Interfaces:
Cloneable, Destroyable, AuthenticationToken, org.apache.hadoop.io.Writable

public class KerberosToken extends Object implements AuthenticationToken
Authentication token for Kerberos authenticated clients
Since:
1.7.0
  • Field Details

    • CLASS_NAME

      public static final String CLASS_NAME
  • Constructor Details

    • KerberosToken

      public KerberosToken(String principal) throws IOException
      Creates a token using the provided principal and the currently logged-in user via UserGroupInformation. This method expects the current user (as defined by UserGroupInformation.getCurrentUser() to be authenticated via Kerberos or as a Proxy (on top of another user). An IllegalArgumentException will be thrown for all other cases.
      Parameters:
      principal - The user that is logged in
      Throws:
      IllegalArgumentException - If the current user is not authentication via Kerberos or Proxy methods.
      IOException
      See Also:
      • UserGroupInformation.getCurrentUser()
      • UserGroupInformation.getAuthenticationMethod()
    • KerberosToken

      public KerberosToken(String principal, File keytab) throws IOException
      Creates a Kerberos token for the specified principal using the provided keytab. The principal and keytab combination are verified by attempting a log in.

      This constructor does not have any side effects.

      Parameters:
      principal - The Kerberos principal
      keytab - A keytab file containing the principal's credentials.
      Throws:
      IOException
    • KerberosToken

      public KerberosToken() throws IOException
      Creates a token using the login user as returned by UserGroupInformation.getCurrentUser()
      Throws:
      IOException - If the current logged in user cannot be computed.
  • Method Details