Ankit Kailaswar created LENS-1506:
-------------------------------------
Summary: Kerberos authentication in lens
Key: LENS-1506
URL: https://issues.apache.org/jira/browse/LENS-1506
Project: Apache Lens
Issue Type: Improvement
Components: client, driver-hive, python-client, server
Reporter: Ankit Kailaswar
Current Lens implementation is broken when we try to enable kerberos
authentication in lens as mentioned at
[https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2] in
following ways,
1. openSession REST API fails to create new session for user. Currently it
supports only passwd types of authentication.
2. If the underlying hive driver is running with kerberos authentication then
driver initialization flow to obtain hive transport for hive driver in lens
errors out. Hive server accepts only sasl messages but lens continues using
PLAINSASL.
3. If hadoop cluster has kerberos authentication enabled then all hdfs calls
(persisting services, all hdfs path in conf etc) fail.
4. Lens as if now doesnt supports refreshing KDC token before it expires.
Changes required in lens to fully support kerberose authentication are as
follows,
# lens's hive driver must use SASL for all communication in to kerberozied
hive. Current thrift client for hive doesn't support this functionality.
# Lens must refresh KDC ticket before it expires.
# All clients must be authenticated with kerberose authentication before
session creation.
# In kerberos mode all hive driver query should be executed with single
cluster user as "lens".
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
