HADOOP-8141. Add method to SecurityUtil to init krb5 cipher suites. Contributed by Todd Lipcon.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1298036 13f79535-47bb-0310-9956-ffa450edef68

hadoop-common-project/hadoop-common/CHANGES.txt

@@ -113,6 +113,9 @@ Trunk (unreleased changes)
     HADOOP-7888. TestFailoverProxy fails intermittently on trunk. (Jason Lowe
     via atm)
 
+    HADOOP-8141. Add method to SecurityUtil to init krb5 cipher suites.
+    (todd)
+
   OPTIMIZATIONS
 
     HADOOP-7761. Improve the performance of raw comparisons. (todd)

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Krb5AndCertsSslSocketConnector.java

@@ -58,7 +58,7 @@ public class Krb5AndCertsSslSocketConnector extends SslSocketConnector {
     Collections.unmodifiableList(Collections.singletonList(
           "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"));
   static {
-    System.setProperty("https.cipherSuites", KRB5_CIPHER_SUITES.get(0));
+    SecurityUtil.initKrb5CipherSuites();
   }
   
   private static final Log LOG = LogFactory

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java

@@ -620,4 +620,11 @@ public class SecurityUtil {
       searchDomains = Arrays.asList(domains);
     }
   }
+
+  public static void initKrb5CipherSuites() {
+    if (UserGroupInformation.isSecurityEnabled()) {
+      System.setProperty("https.cipherSuites",
+          Krb5AndCertsSslSocketConnector.KRB5_CIPHER_SUITES.get(0));
+    }
+  }
 }