[ https://issues.apache.org/jira/browse/HIVE-11089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Adam Kunicki updated HIVE-11089: -------------------------------- Description: HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the connection is supposed to be a secure connection. This however breaks support for Proxy Users as a proxy user UGI will always return false to hasKerberosCredentials(). If the goal is to determine whether this is a secure cluster, we could instead call: {code} this.secureMode = ugi == null ? ugi.getRealAuthenticationMethod() != SIMPLE {code} This change would for both proxy users and real users. See lines 273, 274 of HiveEndPoint.java {code} this.secureMode = ugi==null ? false : ugi.hasKerberosCredentials(); this.msClient = getMetaStoreClient(endPoint, conf, secureMode); {code} for reference: https://github.com/apache/hive/commit/8e423a12db47759196c24535fbc32236b79f464a was: HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the connection is supposed to be a secure connection. This however breaks support for Proxy Users as a proxy user UGI will always return false to hasKerberosCredentials(). > Hive Streaming: connection fails when using a proxy user UGI > ------------------------------------------------------------ > > Key: HIVE-11089 > URL: https://issues.apache.org/jira/browse/HIVE-11089 > Project: Hive > Issue Type: Bug > Components: HCatalog > Affects Versions: 0.14.0, 1.0.0, 1.2.0 > Reporter: Adam Kunicki > Labels: ACID, Streaming > > HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the > connection is supposed to be a secure connection. > This however breaks support for Proxy Users as a proxy user UGI will always > return false to hasKerberosCredentials(). > If the goal is to determine whether this is a secure cluster, we could > instead call: > {code} > this.secureMode = ugi == null ? ugi.getRealAuthenticationMethod() != SIMPLE > {code} > This change would for both proxy users and real users. > See lines 273, 274 of HiveEndPoint.java > {code} > this.secureMode = ugi==null ? false : ugi.hasKerberosCredentials(); > this.msClient = getMetaStoreClient(endPoint, conf, secureMode); > {code} > for reference: > https://github.com/apache/hive/commit/8e423a12db47759196c24535fbc32236b79f464a -- This message was sent by Atlassian JIRA (v6.3.4#6332)