-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19599/
-----------------------------------------------------------
(Updated March 26, 2014, 1:18 a.m.)
Review request for hive, Ashutosh Chauhan, Thejas Nair, and Vaibhav Gumashta.
Bugs: HIVE-6697
https://issues.apache.org/jira/browse/HIVE-6697
Repository: hive-git
Description
-------
See JIra for description
https://issues.apache.org/jira/browse/HIVE-6697
Diffs (updated)
-----
common/src/java/org/apache/hadoop/hive/conf/HiveConf.java affcbb4
conf/hive-default.xml.template 3c3df43
service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java 6e6a47d
service/src/java/org/apache/hive/service/cli/CLIService.java e31a74e
service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpCLIService.java
cb01cfd
service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
255a165
shims/0.20/src/main/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java
9aa555a
shims/common-secure/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java
d4cddda
shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java
ed951f1
Diff: https://reviews.apache.org/r/19599/diff/
Testing
-------
## Verification of enhancement with Beeline/JDBC
### Verified the following calls succeeded getting connection, and listig
tables,
when valid spnego.principal and spengo.keytab are specified in hive-site.xml,
and the client has KINITed and has a valid kerberos ticket in cache
!connect
jdbc:hive2://hdps.example.com:10001/default;principal=hive/[email protected]?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice
dummy dummy-pass org.apache.hive.jdbc.HiveDriver
!connect
jdbc:hive2://hdps.example.com:10001/default;principal=HTTP/[email protected]?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice
dummy dummy-pass org.apache.hive.jdbc.HiveDriver
### Verified the following call succeeded getting connection, and listig
tables,
even if valid spnego.principal or valid spengo.keytab is not specified in
hive-site.xml,
as long as valid hive server2 kerberos principal and keytab are specified in
hive-site.xml,
and the client has KINITed and has a valid kerberos ticket in cache
!connect
jdbc:hive2://hdps.example.com:10001/default;principal=hive/[email protected]?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice
dummy dummy-pass org.apache.hive.jdbc.HiveDriver
### Verified the following call failed getting connection,
when valid spnego.principal or valid spengo.keytab is not specified in
hive-site.xml
!connect
jdbc:hive2://hdps.example.com:10001/default;principal=HTTP/[email protected]?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice
dummy dummy-pass org.apache.hive.jdbc.HiveDriver
## Verification of enhancement with Apache Knox
Apache Knox was able to authenticate to hive server 2 as SPNego client using
Apache HttpClient,
and list tables, when correct spnego.principal and spengo.keytab are specified
in hive-site.xml
Apache Knox was not able to authenticate to hive server 2 as SPNego client
using Apache HttpClient,
when valid spnego.principal or spengo.keytab is not specified in hive-site.xml
## Verification of enhancement with curl
### when valid spnego.principal and spengo.keytab are specified in hive-site.xml
and the client has KINITed and has a valid kerberos ticket in cache
curl -i --negotiate -u : http://hdps.example.com:10001/cliservice
SPNego authentication succeeded and got a HTTP status code 500,
since we did not end Thrift body content
### when valid spnego.principal and spengo.keytab are specified in hive-site.xml
and the client has not KINITed and does not have a valid kerberos ticket in
cache
curl -i --negotiate -u : http://hdps.example.com:10001/cliservice
url -i --negotiate -u : http://hdps.example.com:10001/cliservice
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate
Content-Type: application/x-thrift;charset=ISO-8859-1
Content-Length: 69
Server: Jetty(7.6.0.v20120127)
Authentication Error: java.lang.reflect.UndeclaredThrowableException
Thanks,
dilli dorai
