[jira] [Updated] (HIVE-11089) Hive Streaming: connection fails when using a proxy user UGI

Tue, 23 Jun 2015 20:57:12 -0700 

     [ 
https://issues.apache.org/jira/browse/HIVE-11089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Adam Kunicki updated HIVE-11089:
--------------------------------
    Description: 
HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the 
connection is supposed to be a secure connection.

This however breaks support for Proxy Users as a proxy user UGI will always 
return false to hasKerberosCredentials().

If the goal is to determine whether this is a secure cluster, we could instead 
call:
{code}
this.secureMode = ugi == null ? ugi.getRealAuthenticationMethod() != SIMPLE
{code}

This change would for both proxy users and real users.

See lines 273, 274 of HiveEndPoint.java
{code}
this.secureMode = ugi==null ? false : ugi.hasKerberosCredentials();
this.msClient = getMetaStoreClient(endPoint, conf, secureMode);
{code}

for reference: 
https://github.com/apache/hive/commit/8e423a12db47759196c24535fbc32236b79f464a

  was:
HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the 
connection is supposed to be a secure connection.

This however breaks support for Proxy Users as a proxy user UGI will always 
return false to hasKerberosCredentials().


> Hive Streaming: connection fails when using a proxy user UGI
> ------------------------------------------------------------
>
>                 Key: HIVE-11089
>                 URL: https://issues.apache.org/jira/browse/HIVE-11089
>             Project: Hive
>          Issue Type: Bug
>          Components: HCatalog
>    Affects Versions: 0.14.0, 1.0.0, 1.2.0
>            Reporter: Adam Kunicki
>              Labels: ACID, Streaming
>
> HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the 
> connection is supposed to be a secure connection.
> This however breaks support for Proxy Users as a proxy user UGI will always 
> return false to hasKerberosCredentials().
> If the goal is to determine whether this is a secure cluster, we could 
> instead call:
> {code}
> this.secureMode = ugi == null ? ugi.getRealAuthenticationMethod() != SIMPLE
> {code}
> This change would for both proxy users and real users.
> See lines 273, 274 of HiveEndPoint.java
> {code}
> this.secureMode = ugi==null ? false : ugi.hasKerberosCredentials();
> this.msClient = getMetaStoreClient(endPoint, conf, secureMode);
> {code}
> for reference: 
> https://github.com/apache/hive/commit/8e423a12db47759196c24535fbc32236b79f464a



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to