1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | /**CreatePrincipalServerAction.java * Creates a principal in the relevant KDC * * @param principal the principal name to create * @param isServicePrincipal true if the principal is a service principal; false if the * principal is a user principal * @param kerberosConfiguration the kerberos-env configuration properties * @param kerberosOperationHandler the KerberosOperationHandler for the relevant KDC * @param actionLog the logger (may be null if no logging is desired) * @return a CreatePrincipalResult containing the generated password and key number value */ public CreatePrincipalResult createPrincipal(String principal, boolean isServicePrincipal, Map<String,String> kerberosConfiguration, KerberosOperationHandler kerberosOperationHandler, ActionLog actionLog) { …. //根据用户设定的规则生成一个密码字符串 String password = securePasswordHelper.createSecurePassword(length, minLowercaseLetters, minUppercaseLetters, minDigits, minPunctuation, minWhitespace); … … //调用 kerberosOperationHandler 向 KDC 创建 Principal Integer keyNumber = kerberosOperationHandler.createPrincipal(principal, password, isServicePrincipal); … } |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | /**CreteKeytabFilesServerActon.java * For each identity, create a keytab and append to a new or existing keytab file. * < * *@param identityRecord a Map containing the data for the current identity record *@param evaluatedPrincipal a String indicating the relevant principal *@param operationHandler a KerberosOperationHandler used to perform Kerberos-related * tasks for specific Kerberos implementations * (MIT, Active Directory, etc...) * @param kerberosConfiguration a Map of configuration properties from kerberos-env * @param requestSharedDataContext a Map to be used a shared data among all ServerActions related * to a given request @return a CommandReport, indicating an error * condition; or null, indicating a success condition * @throws AmbariException if an error occurs while processing the identity record */ @Override protected CommandReport processIdentity(Map<String, String> identityRecord, String evaluatedPrincipal, KerberosOperationHandler operationHandler, Map<String, String> kerberosConfiguration, Map<String, Object> requestSharedDataContext) throws AmbariException { … //创建 Keytab 文件的内容,也就是 Keytab data Keytab keytab = createKeytab(evaluatedPrincipal, password, keyNumber, operationHandler, visitedPrincipalKeys != null, canCache, actionLog); … … //将创建的 Keytab data,写入 Keytab 文件中,如果文件不存在就创建,如果存在,就将内容 merge 到一起 operationHandler.createKeytabFile(keytab, destinationKeytabFile)) { ensureAmbariOnlyAccess(destinationKeytabFile); … } |
1 2 3 4 5 6 | from resource_management.libraries.script.script import Script config = Script.get_config() security_enabled = config['configurations']['cluster-env']['security_enabled'] if security_enabled: #do something pass |
欢迎光临 电子技术论坛_中国专业的电子工程师学习交流社区-中电网技术论坛 (http://bbs.eccn.com/) | Powered by Discuz! 7.0.0 |