Return-Path: 
 <commits-return-1556-apmail-accumulo-commits-archive=accumulo.apache.org@accumulo.apache.org>
X-Original-To: apmail-accumulo-commits-archive@www.apache.org
Delivered-To: apmail-accumulo-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 686E69CFF
	for <apmail-accumulo-commits-archive@www.apache.org>;
 Tue,  1 May 2012 20:51:05 +0000 (UTC)
Received: (qmail 8605 invoked by uid 500); 1 May 2012 20:51:05 -0000
Delivered-To: apmail-accumulo-commits-archive@accumulo.apache.org
Received: (qmail 8577 invoked by uid 500); 1 May 2012 20:51:05 -0000
Mailing-List: contact commits-help@accumulo.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@accumulo.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@accumulo.apache.org>
List-Post: <mailto:commits@accumulo.apache.org>
List-Id: <commits.accumulo.apache.org>
Reply-To: dev@accumulo.apache.org
Delivered-To: mailing list commits@accumulo.apache.org
Received: (qmail 8570 invoked by uid 99); 1 May 2012 20:51:05 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 01 May 2012 20:51:05 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 01 May 2012 20:50:59 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
	by eris.apache.org (Postfix) with ESMTP id 828D723888EA
	for <commits@accumulo.apache.org>; Tue,  1 May 2012 20:50:37 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1332812 - in /accumulo/trunk: ./ core/
 core/src/main/java/org/apache/accumulo/core/conf/ server/
 server/src/main/java/org/apache/accumulo/server/gc/
 server/src/main/java/org/apache/accumulo/server/logger/
 server/src/main/java/org/apache/ac...
Date: Tue, 01 May 2012 20:50:36 -0000
To: commits@accumulo.apache.org
From: vines@apache.org
X-Mailer: svnmailer-1.0.8-patched
Message-Id: <20120501205037.828D723888EA@eris.apache.org>

Author: vines
Date: Tue May  1 20:50:36 2012
New Revision: 1332812

URL: http://svn.apache.org/viewvc?rev=1332812&view=rev
Log:
Merging ACCUMULO-404


Added:
    accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java   (with props)
Modified:
    accumulo/trunk/   (props changed)
    accumulo/trunk/README
    accumulo/trunk/core/   (props changed)
    accumulo/trunk/core/src/main/java/org/apache/accumulo/core/conf/Property.java
    accumulo/trunk/pom.xml
    accumulo/trunk/server/   (props changed)
    accumulo/trunk/server/src/main/java/org/apache/accumulo/server/gc/SimpleGarbageCollector.java
    accumulo/trunk/server/src/main/java/org/apache/accumulo/server/logger/LogService.java
    accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java
    accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/SetGoalState.java
    accumulo/trunk/server/src/main/java/org/apache/accumulo/server/monitor/Monitor.java
    accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
    accumulo/trunk/server/src/main/java/org/apache/accumulo/server/trace/TraceServer.java
    accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/Initialize.java

Propchange: accumulo/trunk/
------------------------------------------------------------------------------
  Merged /accumulo/branches/1.4/src:r1329420,1329498
  Merged /accumulo/branches/1.4:r1329420,1329498

Modified: accumulo/trunk/README
URL: http://svn.apache.org/viewvc/accumulo/trunk/README?rev=1332812&r1=1332811&r2=1332812&view=diff
==============================================================================
--- accumulo/trunk/README (original)
+++ accumulo/trunk/README Tue May  1 20:50:36 2012
@@ -191,53 +191,42 @@ certain column.
 
 
 If you are running on top of hdfs with kerberos enabled, then you need to do
-some extra work. We currently do not internally support kerberos, so you must
-manually manage the accumulo users tickets. First, create an accumulo principal
+some extra work. First, create an Accumulo principal
 
   kadmin.local -q "addprinc -randkey accumulo/<host.domain.name>"
 
 where <host.domain.name> is replaced by a fully qualified domain name. Export
-the principals to a keytab file
+the principals to a keytab file. It is safer to create a unique keytab file for each
+server, but you can also glob them if you wish.
 
   kadmin.local -q "xst -k accumulo.keytab -glob accumulo*"
 
 Place this file in $ACCUMULO_HOME/conf for every host. It should be owned by
 the accumulo user and chmodded to 400. Add the following to the accumulo-env.sh
 
-  kinit -kt $ACCUMULO_HOME/conf/accumulo.keytab accumulo/`hostname -f`
-
-And set the following crontab for every host
-
-  0 5 * * * kinit -kt $ACCUMULO_HOME/conf/accumulo.keytab accumulo/`hostname -f`
-
-Additionally, adjust the $ACCUMULO_HOME/conf/monitor.security.policy to change
-
-  permission java.util.PropertyPermission "*", "read";
-
-to
-  
-  permission java.util.PropertyPermission "*", "read,write";
-
-And add these lines to the end of the policy file
-
-  permission javax.security.auth.AuthPermission "createLoginContext.hadoop-user-kerberos";
-  permission java.lang.RuntimePermission "createSecurityManager";
-  permission javax.security.auth.AuthPermission "doAs";
-  permission javax.security.auth.AuthPermission "getPolicy";
-  permission java.security.SecurityPermission "createAccessControlContext";
-  permission javax.security.auth.AuthPermission "getSubjectFromDomainCombiner";
-  permission java.lang.RuntimePermission "getProtectionDomain";
-  permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
-  permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket javax.security.auth.kerberos.KerberosPrincipal \"*\"", "read";
-  permission javax.security.auth.kerberos.ServicePermission "krbtgt/<REALM>@<REALM>", "initiate";
-  permission javax.security.auth.kerberos.ServicePermission "hdfs/<namenode.domain.name>@<REALM>", "initiate";
-  permission javax.security.auth.kerberos.ServicePermission "mapred/<jobtracker.domain.name>@<REALM>", "initiate";
-
-Where <REALM> is replaced with the kerberos realm for the Hadoop cluster, 
-<namenode.domain.name> is replaced with the fully qualified domain name of the 
-server running the namenode and <jobtracker.domain.name> is replaced with the 
-fully qualified domain name of the server running the job tracker.
-
+In the accumulo-site.xml file on each node, add settings for general.kerberos.keytab
+and general.kerberos.principal, where the keytab setting is the absolute path
+to the keytab file ($ACCUMULO_HOME is valid to use) and principal is set to
+accumulo/_HOST@<REALM>, where REALM is set to your kerberos realm. You may use
+_HOST in lieu of your individual host names.
+
+  <property>
+    <name>general.kerberos.keytab</name>
+    <value>$ACCUMULO_HOME/conf/accumulo.keytab</value>
+  </property>
+
+  <property>
+    <name>general.kerberos.principal</name>
+    <value>accumulo/_HOST@MYREALM</value>
+  </property> 
+
+You can then start up Accumulo as you would with the accumulo user, and it will
+automatically handle the kerberos keys needed to access hdfs.
+
+Please Note: You may have issues initializing Accumulo while running kerberos HDFS.
+You can resolve this by temporarily granting the accumulo user write access to the
+hdfs root directory, running init, and then revoking write permission in the root 
+directory (be sure to maintain access to the /accumulo directory).
 
 ******************************************************************************
 6. Monitoring Apache Accumulo

Propchange: accumulo/trunk/core/
------------------------------------------------------------------------------
  Merged /accumulo/branches/1.4/core:r1329420,1329498
  Merged /accumulo/branches/1.4/src/core:r1329420,1329498

Modified: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/conf/Property.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/conf/Property.java?rev=1332812&r1=1332811&r2=1332812&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/conf/Property.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/conf/Property.java Tue May  1 20:50:36 2012
@@ -45,11 +45,13 @@ public enum Property {
   GENERAL_CLASSPATHS(AccumuloClassLoader.CLASSPATH_PROPERTY_NAME, AccumuloClassLoader.DEFAULT_CLASSPATH_VALUE, PropertyType.STRING,
       "A list of all of the places to look for a class. Order does matter, as it will look for the jar "
           + "starting in the first location to the last. Please note, hadoop conf and hadoop lib directories NEED to be here, "
-          + "along with accumulo lib and zookeeper directory. Supports full regex on filename alone."), // needs special treatment in accumulo start
-                                                                                                        // jar
+          + "along with accumulo lib and zookeeper directory. Supports full regex on filename alone."), // needs special treatment in accumulo start jar
   GENERAL_DYNAMIC_CLASSPATHS(AccumuloClassLoader.DYNAMIC_CLASSPATH_PROPERTY_NAME, AccumuloClassLoader.DEFAULT_DYNAMIC_CLASSPATH_VALUE, PropertyType.STRING,
       "A list of all of the places where changes in jars or classes will force a reload of the classloader."),
   GENERAL_RPC_TIMEOUT("general.rpc.timeout", "120s", PropertyType.TIMEDURATION, "Time to wait on I/O for simple, short RPC calls"),
+  GENERAL_KERBEROS_KEYTAB("general.kerberos.keytab", "", PropertyType.PATH, "Path to the kerberos keytab to use. Leave blank if not using kerberoized hdfs"),
+  GENERAL_KERBEROS_PRINCIPAL("general.kerberos.principal", "", PropertyType.STRING, "Name of the kerberos principal to use. _HOST will automatically be "
+      + "replaced by the machines hostname in the hostname portion of the principal. Leave blank if not using kerberoized hdfs"),
   
   // properties that are specific to master server behavior
   MASTER_PREFIX("master.", null, PropertyType.PREFIX, "Properties in this category affect the behavior of the master server"),

Modified: accumulo/trunk/pom.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/pom.xml?rev=1332812&r1=1332811&r2=1332812&view=diff
==============================================================================
--- accumulo/trunk/pom.xml (original)
+++ accumulo/trunk/pom.xml Tue May  1 20:50:36 2012
@@ -463,7 +463,7 @@
       <dependency>
         <groupId>org.apache.hadoop</groupId>
         <artifactId>hadoop-core</artifactId>
-        <version>0.20.2</version>
+        <version>0.20.203.0</version>
         <scope>provided</scope>
       </dependency>
       <dependency>

Propchange: accumulo/trunk/server/
------------------------------------------------------------------------------
  Merged /accumulo/branches/1.4/server:r1329420,1329498
  Merged /accumulo/branches/1.4/src/server:r1329420,1329498

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/gc/SimpleGarbageCollector.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/gc/SimpleGarbageCollector.java?rev=1332812&r1=1332811&r2=1332812&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/gc/SimpleGarbageCollector.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/gc/SimpleGarbageCollector.java Tue May  1 20:50:36 2012
@@ -74,6 +74,7 @@ import org.apache.accumulo.server.client
 import org.apache.accumulo.server.conf.ServerConfiguration;
 import org.apache.accumulo.server.master.state.tables.TableManager;
 import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SecurityUtil;
 import org.apache.accumulo.server.trace.TraceFileSystem;
 import org.apache.accumulo.server.util.Halt;
 import org.apache.accumulo.server.util.OfflineMetadataScanner;
@@ -94,7 +95,6 @@ import org.apache.hadoop.io.Text;
 import org.apache.log4j.Logger;
 import org.apache.zookeeper.KeeperException;
 
-
 public class SimpleGarbageCollector implements Iface {
   private static final Text EMPTY_TEXT = new Text();
   
@@ -133,7 +133,9 @@ public class SimpleGarbageCollector impl
   private Instance instance;
   
   public static void main(String[] args) throws UnknownHostException, IOException {
-    Instance instance = HdfsZooInstance.getInstance(); 
+    SecurityUtil.serverLogin();
+    
+    Instance instance = HdfsZooInstance.getInstance();
     ServerConfiguration serverConf = new ServerConfiguration(instance);
     final FileSystem fs = FileUtil.getFileSystem(CachedConfiguration.getInstance(), serverConf.getConfiguration());
     Accumulo.init(fs, serverConf, "gc");
@@ -164,8 +166,7 @@ public class SimpleGarbageCollector impl
     gc.run();
   }
   
-  public SimpleGarbageCollector() {
-  }
+  public SimpleGarbageCollector() {}
   
   public void setSafeMode() {
     this.safemode = true;

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/logger/LogService.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/logger/LogService.java?rev=1332812&r1=1332811&r2=1332812&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/logger/LogService.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/logger/LogService.java Tue May  1 20:50:36 2012
@@ -63,6 +63,7 @@ import org.apache.accumulo.server.client
 import org.apache.accumulo.server.conf.ServerConfiguration;
 import org.apache.accumulo.server.logger.LogWriter.LogWriteException;
 import org.apache.accumulo.server.security.Authenticator;
+import org.apache.accumulo.server.security.SecurityUtil;
 import org.apache.accumulo.server.security.ZKAuthenticator;
 import org.apache.accumulo.server.trace.TraceFileSystem;
 import org.apache.accumulo.server.util.FileSystemMonitor;
@@ -117,12 +118,13 @@ public class LogService implements Mutat
   }
   
   public static void main(String[] args) throws Exception {
+    SecurityUtil.serverLogin();
+
     LogService logService;
     Instance instance = HdfsZooInstance.getInstance();
     ServerConfiguration conf = new ServerConfiguration(instance);
     FileSystem fs = FileUtil.getFileSystem(CachedConfiguration.getInstance(), conf.getConfiguration());
     Accumulo.init(fs, conf, "logger");
-    
     String hostname = Accumulo.getLocalAddress(args);
     try {
       logService = new LogService(conf, fs, hostname);

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java?rev=1332812&r1=1332811&r2=1332812&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java Tue May  1 20:50:36 2012
@@ -142,6 +142,7 @@ import org.apache.accumulo.server.master
 import org.apache.accumulo.server.monitor.Monitor;
 import org.apache.accumulo.server.security.Authenticator;
 import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SecurityUtil;
 import org.apache.accumulo.server.security.ZKAuthenticator;
 import org.apache.accumulo.server.tabletserver.TabletTime;
 import org.apache.accumulo.server.tabletserver.log.RemoteLogger;
@@ -2163,6 +2164,8 @@ public class Master implements LiveTServ
   
   public static void main(String[] args) throws Exception {
     try {
+      SecurityUtil.serverLogin();
+      
       FileSystem fs = FileUtil.getFileSystem(CachedConfiguration.getInstance(), ServerConfiguration.getSiteConfiguration());
       String hostname = Accumulo.getLocalAddress(args);
       Instance instance = HdfsZooInstance.getInstance();

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/SetGoalState.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/SetGoalState.java?rev=1332812&r1=1332811&r2=1332812&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/SetGoalState.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/SetGoalState.java Tue May  1 20:50:36 2012
@@ -25,6 +25,7 @@ import org.apache.accumulo.core.zookeepe
 import org.apache.accumulo.server.Accumulo;
 import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.accumulo.server.conf.ServerConfiguration;
+import org.apache.accumulo.server.security.SecurityUtil;
 import org.apache.accumulo.server.zookeeper.ZooReaderWriter;
 import org.apache.hadoop.fs.FileSystem;
 
@@ -38,6 +39,8 @@ public class SetGoalState {
       System.err.println("Usage: accumulo " + SetGoalState.class.getName() + " [NORMAL|SAFE_MODE|CLEAN_STOP]");
       System.exit(-1);
     }
+    SecurityUtil.serverLogin();
+
     FileSystem fs = FileUtil.getFileSystem(CachedConfiguration.getInstance(), ServerConfiguration.getSiteConfiguration());
     Accumulo.waitForZookeeperAndHdfs(fs);
     ZooReaderWriter.getInstance().putPersistentData(ZooUtil.getRoot(HdfsZooInstance.getInstance()) + Constants.ZMASTER_GOAL_STATE, args[0].getBytes(),

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/monitor/Monitor.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/monitor/Monitor.java?rev=1332812&r1=1332811&r2=1332812&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/monitor/Monitor.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/monitor/Monitor.java Tue May  1 20:50:36 2012
@@ -69,6 +69,7 @@ import org.apache.accumulo.server.monito
 import org.apache.accumulo.server.problems.ProblemReports;
 import org.apache.accumulo.server.problems.ProblemType;
 import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SecurityUtil;
 import org.apache.accumulo.server.util.EmbeddedWebServer;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.log4j.Logger;
@@ -443,6 +444,8 @@ public class Monitor {
   }
   
   public static void main(String[] args) throws Exception {
+    SecurityUtil.serverLogin();
+    
     FileSystem fs = FileUtil.getFileSystem(CachedConfiguration.getInstance(), ServerConfiguration.getSiteConfiguration());
     String hostname = Accumulo.getLocalAddress(args);
     instance = HdfsZooInstance.getInstance();

Added: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java?rev=1332812&view=auto
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java (added)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java Tue May  1 20:50:36 2012
@@ -0,0 +1,87 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.accumulo.server.security;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+import org.apache.accumulo.core.conf.AccumuloConfiguration;
+import org.apache.accumulo.core.conf.Property;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.log4j.Logger;
+
+/**
+ * 
+ */
+public class SecurityUtil {
+  private static final Logger log = Logger.getLogger(SecurityUtil.class);
+
+  /**
+   * This method is for logging a server in kerberos. If this is used in client code, it will fail unless run as the accumulo keytab's owner. Instead, use
+   * {@link #login(String, String)}
+   * 
+   * @throws UnknownHostException
+   * @throws IOException
+   */
+  public static void serverLogin() {
+    @SuppressWarnings("deprecation")
+    AccumuloConfiguration acuConf = AccumuloConfiguration.getSiteConfiguration();
+    String keyTab = acuConf.get(Property.GENERAL_KERBEROS_KEYTAB);
+    if (keyTab == null || keyTab.length() == 0)
+      return;
+    if (keyTab.contains("$ACCUMULO_HOME") && System.getenv("ACCUMULO_HOME") != null)
+      keyTab = keyTab.replace("$ACCUMULO_HOME", System.getenv("ACCUMULO_HOME"));
+    
+    String principalConfig = acuConf.get(Property.GENERAL_KERBEROS_PRINCIPAL);
+    if (principalConfig == null || principalConfig.length() == 0)
+      return;
+    
+    if (login(principalConfig, keyTab)) {
+      try {
+        // This spawns a thread to periodically renew the logged in (accumulo) user
+        UserGroupInformation.getLoginUser();
+      } catch (IOException io) {
+        log.error("Error starting up renewal thread. This shouldn't be happenining.", io);
+      }
+    }
+  }
+  
+  /**
+   * This will log in the given user in kerberos.
+   * 
+   * @param principalConfig
+   *          This is the principals name in the format NAME/HOST@REALM. {@link org.apache.hadoop.security.SecurityUtil#HOSTNAME_PATTERN} will automatically be
+   *          replaced by the systems host name.
+   * @param keyTabPath
+   * @return true if login succeeded, otherwise false
+   * @throws IOException
+   */
+  public static boolean login(String principalConfig, String keyTabPath) {
+    try {
+      String principalName = org.apache.hadoop.security.SecurityUtil.getServerPrincipal(principalConfig, InetAddress.getLocalHost().getCanonicalHostName());
+      if (keyTabPath != null && principalName != null && keyTabPath.length() != 0 && principalName.length() != 0) {
+        UserGroupInformation.loginUserFromKeytab(principalName, keyTabPath);
+        log.info("Succesfully logged in as user " + principalConfig);
+        return true;
+      }
+    } catch (IOException io) {
+      log.error("Error logging in user " + principalConfig + " using keytab at " + keyTabPath, io);
+    }
+    return false;
+  }
+}

Propchange: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java?rev=1332812&r1=1332811&r2=1332812&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java Tue May  1 20:50:36 2012
@@ -146,6 +146,7 @@ import org.apache.accumulo.server.proble
 import org.apache.accumulo.server.problems.ProblemReports;
 import org.apache.accumulo.server.security.Authenticator;
 import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SecurityUtil;
 import org.apache.accumulo.server.security.ZKAuthenticator;
 import org.apache.accumulo.server.tabletserver.Tablet.CommitSession;
 import org.apache.accumulo.server.tabletserver.Tablet.KVEntry;
@@ -200,12 +201,11 @@ import org.apache.thrift.server.TServer;
 import org.apache.zookeeper.KeeperException;
 import org.apache.zookeeper.KeeperException.NoNodeException;
 
-
 enum ScanRunState {
   QUEUED, RUNNING, FINISHED
 }
 
-public class TabletServer extends AbstractMetricsImpl implements org.apache.accumulo.server.tabletserver.metrics.TabletServerMBean  {
+public class TabletServer extends AbstractMetricsImpl implements org.apache.accumulo.server.tabletserver.metrics.TabletServerMBean {
   private static final Logger log = Logger.getLogger(TabletServer.class);
   
   private static HashMap<String,Long> prevGcTime = new HashMap<String,Long>();
@@ -2653,6 +2653,8 @@ public class TabletServer extends Abstra
   
   // main loop listens for client requests
   public void run() {
+    SecurityUtil.serverLogin();
+
     int clientPort = 0;
     try {
       clientPort = startTabletClientService();
@@ -3091,6 +3093,7 @@ public class TabletServer extends Abstra
   
   public static void main(String[] args) throws IOException {
     try {
+      SecurityUtil.serverLogin();
       FileSystem fs = FileUtil.getFileSystem(CachedConfiguration.getInstance(), ServerConfiguration.getSiteConfiguration());
       String hostname = Accumulo.getLocalAddress(args);
       Instance instance = HdfsZooInstance.getInstance();

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/trace/TraceServer.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/trace/TraceServer.java?rev=1332812&r1=1332811&r2=1332812&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/trace/TraceServer.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/trace/TraceServer.java Tue May  1 20:50:36 2012
@@ -42,6 +42,7 @@ import org.apache.accumulo.core.zookeepe
 import org.apache.accumulo.server.Accumulo;
 import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.accumulo.server.conf.ServerConfiguration;
+import org.apache.accumulo.server.security.SecurityUtil;
 import org.apache.accumulo.server.util.time.SimpleTimer;
 import org.apache.accumulo.server.zookeeper.IZooReaderWriter;
 import org.apache.accumulo.server.zookeeper.ZooReaderWriter;
@@ -214,7 +215,6 @@ public class TraceServer implements Watc
     }
   }
   
-
   private void registerInZooKeeper(String name) throws Exception {
     String root = ZooUtil.getRoot(serverConfiguration.getInstance()) + Constants.ZTRACERS;
     IZooReaderWriter zoo = ZooReaderWriter.getInstance();
@@ -223,6 +223,7 @@ public class TraceServer implements Watc
   }
   
   public static void main(String[] args) throws Exception {
+    SecurityUtil.serverLogin();
     Instance instance = HdfsZooInstance.getInstance();
     ServerConfiguration conf = new ServerConfiguration(instance);
     FileSystem fs = FileUtil.getFileSystem(CachedConfiguration.getInstance(), conf.getConfiguration());

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/Initialize.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/Initialize.java?rev=1332812&r1=1332811&r2=1332812&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/Initialize.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/Initialize.java Tue May  1 20:50:36 2012
@@ -49,6 +49,7 @@ import org.apache.accumulo.server.constr
 import org.apache.accumulo.server.iterators.MetadataBulkLoadFilter;
 import org.apache.accumulo.server.master.state.tables.TableManager;
 import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SecurityUtil;
 import org.apache.accumulo.server.security.ZKAuthenticator;
 import org.apache.accumulo.server.tabletserver.TabletTime;
 import org.apache.accumulo.server.zookeeper.IZooReaderWriter;
@@ -425,8 +426,11 @@ public class Initialize {
     }
     
     try {
+      SecurityUtil.serverLogin();
       Configuration conf = CachedConfiguration.getInstance();
+      
       FileSystem fs = FileUtil.getFileSystem(conf, ServerConfiguration.getSiteConfiguration());
+
       if (justSecurity) {
         if (isInitialized(fs))
           initSecurity(HdfsZooInstance.getInstance().getInstanceID(), getRootPassword());