| Package | Description |
|---|---|
| org.apache.ambari.server.controller | |
| org.apache.ambari.server.controller.utilities | |
| org.apache.ambari.server.serveraction.kerberos |
| Modifier and Type | Method and Description |
|---|---|
RequestStageContainer |
KerberosHelperImpl.createTestIdentity(Cluster cluster,
Map<String,String> commandParamsStage,
RequestStageContainer requestStageContainer) |
RequestStageContainer |
KerberosHelper.createTestIdentity(Cluster cluster,
Map<String,String> commandParamsStage,
RequestStageContainer requestStageContainer)
Create a unique identity to use for testing the general Kerberos configuration.
|
void |
KerberosHelperImpl.deleteIdentities(Cluster cluster,
List<Component> components,
Set<String> identities)
Deletes the kerberos identities of the given component, even if the component is already deleted.
|
void |
KerberosHelper.deleteIdentities(Cluster cluster,
List<Component> components,
Set<String> identities) |
RequestStageContainer |
KerberosHelperImpl.deleteIdentities(Cluster cluster,
Map<String,? extends Collection<String>> serviceComponentFilter,
Set<String> hostFilter,
Collection<String> identityFilter,
RequestStageContainer requestStageContainer,
Boolean manageIdentities) |
RequestStageContainer |
KerberosHelper.deleteIdentities(Cluster cluster,
Map<String,? extends Collection<String>> serviceComponentFilter,
Set<String> hostFilter,
Collection<String> identityFilter,
RequestStageContainer requestStageContainer,
Boolean manageIdentities)
Deletes the set of filtered principals and keytabs from the cluster.
|
RequestStageContainer |
KerberosHelperImpl.deleteTestIdentity(Cluster cluster,
Map<String,String> commandParamsStage,
RequestStageContainer requestStageContainer) |
RequestStageContainer |
KerberosHelper.deleteTestIdentity(Cluster cluster,
Map<String,String> commandParamsStage,
RequestStageContainer requestStageContainer)
Deletes the unique identity to use for testing the general Kerberos configuration.
|
RequestStageContainer |
KerberosHelperImpl.ensureIdentities(Cluster cluster,
Map<String,? extends Collection<String>> serviceComponentFilter,
Set<String> hostFilter,
Collection<String> identityFilter,
Set<String> hostsToForceKerberosOperations,
RequestStageContainer requestStageContainer,
Boolean manageIdentities) |
RequestStageContainer |
KerberosHelper.ensureIdentities(Cluster cluster,
Map<String,? extends Collection<String>> serviceComponentFilter,
Set<String> hostFilter,
Collection<String> identityFilter,
Set<String> hostsToForceKerberosOperations,
RequestStageContainer requestStageContainer,
Boolean manageIdentities)
Ensures the set of filtered principals and keytabs exist on the cluster.
|
RequestStageContainer |
KerberosHelperImpl.executeCustomOperations(Cluster cluster,
Map<String,String> requestProperties,
RequestStageContainer requestStageContainer,
Boolean manageIdentities) |
RequestStageContainer |
KerberosHelper.executeCustomOperations(Cluster cluster,
Map<String,String> requestProperties,
RequestStageContainer requestStageContainer,
Boolean manageIdentities)
Used to execute custom security operations which are sent as directives in URI
|
RequestStageContainer |
KerberosHelperImpl.toggleKerberos(Cluster cluster,
SecurityType securityType,
RequestStageContainer requestStageContainer,
Boolean manageIdentities) |
RequestStageContainer |
KerberosHelper.toggleKerberos(Cluster cluster,
SecurityType securityType,
RequestStageContainer requestStageContainer,
Boolean manageIdentities)
Toggles Kerberos security to enable it or remove it depending on the state of the cluster.
|
| Modifier and Type | Method and Description |
|---|---|
void |
RemovableIdentities.remove(KerberosHelper kerberosHelper)
Remove all identities which are related to the specified set of components and not used by
other services or components
|
| Modifier and Type | Class and Description |
|---|---|
class |
KerberosAdminAuthenticationException
KerberosAdminAuthenticationException is a KerberosOperationException thrown in the event a the
administrative credentials failed to validate while authenticating with the KDC.
|
class |
KerberosInvalidConfigurationException
Indicates invalid Kerberos configuration.
|
class |
KerberosKDCConnectionException
KerberosKDCConnectionException is a KerberosOperationException thrown in the event a connection
to the KDC was not able to be made.
|
class |
KerberosKDCSSLConnectionException
KerberosKDCSSLConnectionException is a KerberosOperationException thrown in the event a connection
to the KDC was not able to be made due to an SSL issue.
|
class |
KerberosLDAPContainerException
KerberosLDAPContainerException is a KerberosOperationException thrown in the event a connection
to the KDC was not able to be made.
|
class |
KerberosMissingAdminCredentialsException
Indicates that the KDC admin credentials have not been set.
|
class |
KerberosPrincipalAlreadyExistsException
KerberosPrincipalAlreadyExistsException is a KerberosOperationException thrown in the event a
request to create a new princip7als was made but the princial already exists in the KDC.
|
class |
KerberosPrincipalDoesNotExistException
KerberosPrincipalDoesNotExistException is a KerberosOperationException thrown in the event a
request to modify an existing principal was made but the princial does not exist in the KDC.
|
class |
KerberosRealmException
KerberosRealmException is a KerberosOperationException thrown in the event a connection
to the KDC was not able to be made due to an unexpected realm.
|
| Modifier and Type | Method and Description |
|---|---|
void |
ADKerberosOperationHandler.close()
Closes and cleans up any resources used by this KerberosOperationHandler
It is expected that this KerberosOperationHandler will not be used after this call.
|
void |
KerberosOperationHandler.close()
Closes and cleans up any resources used by this KerberosOperationHandler
It is expected that this KerberosOperationHandler will not be used after this call.
|
void |
IPAKerberosOperationHandler.close() |
void |
MITKerberosOperationHandler.close() |
protected DeconstructedPrincipal |
KerberosOperationHandler.createDeconstructPrincipal(String principal)
Given a principal, attempt to create a new DeconstructedPrincipal
|
protected org.apache.directory.server.kerberos.shared.keytab.Keytab |
KerberosOperationHandler.createKeytab(String principal,
String password,
Integer keyNumber)
Create a keytab using the specified principal and password.
|
protected boolean |
KerberosOperationHandler.createKeytabFile(File sourceKeytabFile,
File destinationKeytabFile)
Create or append to a keytab file using keytab data from another keytab file.
|
boolean |
KerberosOperationHandler.createKeytabFile(org.apache.directory.server.kerberos.shared.keytab.Keytab keytab,
File destinationKeytabFile)
Create or append to a keytab file using the specified Keytab
If the destination keytab file contains keytab data, that data will be merged with the new data
to create a composite set of keytab entries.
|
protected File |
KerberosOperationHandler.createKeytabFile(String keytabData)
Given base64-encoded keytab data, decode the String to binary data and write it to a (temporary)
file.
|
protected boolean |
KerberosOperationHandler.createKeytabFile(String principal,
String password,
Integer keyNumber,
File destinationKeytabFile)
Create or append to a keytab file using the specified principal and password.
|
protected LdapContext |
ADKerberosOperationHandler.createLdapContext()
Helper method to create the LDAP context needed to interact with the Active Directory.
|
Integer |
ADKerberosOperationHandler.createPrincipal(String principal,
String password,
boolean service)
Creates a new principal in a previously configured KDC
The implementation is specific to a particular type of KDC.
|
abstract Integer |
KerberosOperationHandler.createPrincipal(String principal,
String password,
boolean service)
Creates a new principal in a previously configured KDC
The implementation is specific to a particular type of KDC.
|
Integer |
IPAKerberosOperationHandler.createPrincipal(String principal,
String password,
boolean service)
Creates a new principal in a previously configured KDC.
|
Integer |
MITKerberosOperationHandler.createPrincipal(String principal,
String password,
boolean service)
Creates a new principal in a previously configured MIT KDC
This implementation creates a query to send to the kadmin shell command and then interrogates
the result from STDOUT to determine if the operation executed successfully.
|
protected ShellCommandUtil.Result |
KerberosOperationHandler.executeCommand(String[] command)
Executes a shell command.
|
protected ShellCommandUtil.Result |
KerberosOperationHandler.executeCommand(String[] command,
Map<String,String> envp,
ShellCommandUtil.InteractiveHandler interactiveHandler)
Executes a shell command.
|
protected ShellCommandUtil.Result |
KerberosOperationHandler.executeCommand(String[] command,
ShellCommandUtil.InteractiveHandler interactiveHandler)
Executes a shell command.
|
protected void |
IPAKerberosOperationHandler.exportKeytabFile(String principal,
String keytabFileDestinationPath,
Set<org.apache.directory.shared.kerberos.codec.types.EncryptionType> keyEncryptionTypes) |
protected void |
MITKerberosOperationHandler.exportKeytabFile(String principal,
String keytabFileDestinationPath,
Set<org.apache.directory.shared.kerberos.codec.types.EncryptionType> keyEncryptionTypes) |
protected String[] |
IPAKerberosOperationHandler.getKinitCommand(String executableKinit,
PrincipalKeyCredential credentials,
String credentialsCache,
Map<String,String> kerberosConfiguration) |
protected String[] |
MITKerberosOperationHandler.getKinitCommand(String executableKinit,
PrincipalKeyCredential credentials,
String credentialsCache,
Map<String,String> kerberosConfiguration) |
protected ShellCommandUtil.Result |
MITKerberosOperationHandler.invokeKAdmin(String query)
Invokes the kadmin shell command to issue queries
|
void |
ADKerberosOperationHandler.open(PrincipalKeyCredential administratorCredential,
String realm,
Map<String,String> kerberosConfiguration)
Prepares and creates resources to be used by this KerberosOperationHandler
It is expected that this KerberosOperationHandler will not be used before this call.
|
void |
KerberosOperationHandler.open(PrincipalKeyCredential administratorCredential,
String defaultRealm,
Map<String,String> kerberosConfiguration)
Prepares and creates resources to be used by this KerberosOperationHandler.
|
void |
IPAKerberosOperationHandler.open(PrincipalKeyCredential administratorCredentials,
String realm,
Map<String,String> kerberosConfiguration)
Prepares and creates resources to be used by this KerberosOperationHandler
It is expected that this KerberosOperationHandler will not be used before this call.
|
void |
MITKerberosOperationHandler.open(PrincipalKeyCredential administratorCredentials,
String realm,
Map<String,String> kerberosConfiguration)
Prepares and creates resources to be used by this KerberosOperationHandler
It is expected that this KerberosOperationHandler will not be used before this call.
|
boolean |
ADKerberosOperationHandler.principalExists(String principal,
boolean service)
Test to see if the specified principal exists in a previously configured KDC
The implementation is specific to a particular type of KDC.
|
abstract boolean |
KerberosOperationHandler.principalExists(String principal,
boolean service)
Test to see if the specified principal exists in a previously configured KDC
The implementation is specific to a particular type of KDC.
|
boolean |
IPAKerberosOperationHandler.principalExists(String principal,
boolean service)
Test to see if the specified principal exists in a previously configured IPA KDC
This implementation creates a query to send to the ipa shell command and then interrogates
the result from STDOUT to determine if the presence of the specified principal.
|
boolean |
MITKerberosOperationHandler.principalExists(String principal,
boolean service)
Test to see if the specified principal exists in a previously configured MIT KDC
This implementation creates a query to send to the kadmin shell command and then interrogates
the result from STDOUT to determine if the presence of the specified principal.
|
protected Map<String,Object> |
ADKerberosOperationHandler.processCreateTemplate(Map<String,Object> context)
Processes a Velocity template to generate a map of attributes and values to use to create
Active Directory accounts.
|
boolean |
ADKerberosOperationHandler.removePrincipal(String principal,
boolean service)
Removes an existing principal in a previously configured KDC
The implementation is specific to a particular type of KDC.
|
abstract boolean |
KerberosOperationHandler.removePrincipal(String principal,
boolean service)
Removes an existing principal in a previously configured KDC
The implementation is specific to a particular type of KDC.
|
boolean |
IPAKerberosOperationHandler.removePrincipal(String principal,
boolean service)
Removes an existing principal in a previously configured KDC
The implementation is specific to a particular type of KDC.
|
boolean |
MITKerberosOperationHandler.removePrincipal(String principal,
boolean service)
Removes an existing principal in a previously configured KDC
The implementation is specific to a particular type of KDC.
|
Integer |
ADKerberosOperationHandler.setPrincipalPassword(String principal,
String password,
boolean service)
Updates the password for an existing principal in a previously configured KDC
The implementation is specific to a particular type of KDC.
|
abstract Integer |
KerberosOperationHandler.setPrincipalPassword(String principal,
String password,
boolean service)
Updates the password for an existing principal in a previously configured KDC
The implementation is specific to a particular type of KDC.
|
boolean |
ADKerberosOperationHandler.testAdministratorCredentials() |
boolean |
KerberosOperationHandler.testAdministratorCredentials()
Tests to ensure the connection information and credentials allow for administrative
connectivity to the KDC
|
protected Set<org.apache.directory.shared.kerberos.codec.types.EncryptionType> |
KerberosOperationHandler.translateEncryptionTypes(String names,
String delimiter)
Given a delimited set of encryption type names, attempts to translate into a set of EncryptionType
values.
|
Copyright © 2022 Apache Software Foundation. All rights reserved.