Venki Korukanti created DRILL-3413:
--------------------------------------
Summary: Use DIGEST mechanism in creating Hive MetaStoreClient for
proxy users when SASL authentication is enabled
Key: DRILL-3413
URL: https://issues.apache.org/jira/browse/DRILL-3413
Project: Apache Drill
Issue Type: Bug
Components: Storage - Hive
Affects Versions: 1.1.0
Reporter: Venki Korukanti
Assignee: Venki Korukanti
Fix For: 1.1.0
Currently we fail to create HiveMetaStoreClient for proxy users when SASL
authentication is enabled between HiveMeaStore server and clients. We fail to
create the client because when SASL (kerberos or vendor specific custom SASL
implementations) is enabled some vendor specific versions of Hive only accept
DIGEST as the authentication mechanism for proxy client.
To fix this issue:
1. Drillbit need to create a HiveMetaStoreClient with its credentials (these
are directly credentials and not proxy)
2. Whenever Drillbit need to create a HiveMetaStoreClient for proxy user (user
being impersonated), get the delegation token for proxy user from MetaStore
server using the Drillbit process user HiveMetaStoreClient. Set this delegation
token in a new HiveConf object and pass it to HiveMetaStoreClient.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
