[
https://issues.apache.org/jira/browse/LENS-1506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16426878#comment-16426878
]
Hudson commented on LENS-1506:
------------------------------
UNSTABLE: Integrated in Jenkins build Lens-Commit #1460 (See
[https://builds.apache.org/job/Lens-Commit/1460/])
LENS-1506: Kerberos authentication in lens (puneetgupta: rev
ea74a2c9306552646196c8a621b864c4afe2b438)
* (add)
lens-driver-hive/src/main/java/org/apache/lens/driver/hive/RetryingThriftCLIServiceClientSasl.java
* (edit) lens-server/src/main/java/org/apache/lens/server/BaseLensService.java
* (edit)
lens-driver-hive/src/main/java/org/apache/lens/driver/hive/RemoteThriftConnection.java
* (edit) lens-server/src/main/java/org/apache/lens/server/LensServices.java
* (edit) tools/scripts/lens-ctl
* (edit)
lens-server-api/src/main/java/org/apache/lens/server/api/LensConfConstants.java
* (edit)
lens-server-api/src/main/java/org/apache/lens/server/api/util/LensUtil.java
* (edit) lens-server/src/test/resources/lens-site.xml
* (edit) lens-server/src/main/resources/lensserver-default.xml
* (edit)
lens-driver-hive/src/main/java/org/apache/lens/driver/hive/HiveDriver.java
* (edit)
lens-server/src/main/java/org/apache/lens/server/session/HiveSessionService.java
> Kerberos authentication in lens
> -------------------------------
>
> Key: LENS-1506
> URL: https://issues.apache.org/jira/browse/LENS-1506
> Project: Apache Lens
> Issue Type: Improvement
> Components: client, driver-hive, python-client, server
> Reporter: Ankit Kailaswar
> Assignee: Ankit Kailaswar
> Priority: Major
> Fix For: 2.8
>
> Attachments: Lens-1506.1.patch, Lens-1506.2.patch, Lens-1506.3.patch,
> Lens-1506.4.patch, Lens-1506_patch, design3.png
>
>
> Current Lens implementation is broken when we try to enable kerberos
> authentication in lens as mentioned at
> [https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2] in
> following ways,
> 1. openSession REST API fails to create new session for user. Currently it
> supports only passwd types of authentication.
> 2. If the underlying hive driver is running with kerberos authentication then
> driver initialization flow to obtain hive transport for hive driver in lens
> errors out. Hive server accepts only sasl messages but lens continues using
> PLAINSASL.
> 3. If hadoop cluster has kerberos authentication enabled then all hdfs calls
> (persisting services, all hdfs path in conf etc) fail.
> 4. Lens as if now doesnt supports refreshing KDC token before it expires.
> Changes required in lens to fully support kerberose authentication are as
> follows,
> # lens's hive driver must use SASL for all communication in to kerberozied
> hive. Current thrift client for hive doesn't support this functionality.
> # Lens must refresh KDC ticket before it expires.
> # All clients must be authenticated with kerberose authentication before
> session creation.
> # In kerberos mode all hive driver query should be executed with single
> cluster user as "lens".
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
