[jira] [Commented] (HIVE-10115) HS2 running on a Kerberized cluster should offer Kerberos(GSSAPI) and Delegation token(DIGEST) when alternate authentication is enabled

Fri, 05 Feb 2016 09:07:55 -0800 

    [ 
https://issues.apache.org/jira/browse/HIVE-10115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15134483#comment-15134483
 ] 

Sergio Peña commented on HIVE-10115:
------------------------------------

The JDBC spark tests that failed are not related to this patch. Seems that 
those tests are flaky. I looked at other jobs, and there are other JDBC spark 
test classes that fail in the same way.
I run this test in my machine and it works.

Another failed test, {{TestTxnCommands2}}, is not related to this patch either. 
It does not touch anything from HS2 authentication, and the failure is due to a 
NullPointerException that happens in getting transactions from the metastore.
I run this test in my machine and it works.

The other 2  tests failed in previous jobs as well.
I'll do a +1 to this patch.

[~xuefuz] Could you confirm that the Spark tests are not related?

> HS2 running on a Kerberized cluster should offer Kerberos(GSSAPI) and 
> Delegation token(DIGEST) when alternate authentication is enabled
> ---------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-10115
>                 URL: https://issues.apache.org/jira/browse/HIVE-10115
>             Project: Hive
>          Issue Type: Improvement
>          Components: Authentication
>    Affects Versions: 1.1.0
>            Reporter: Mubashir Kazia
>            Assignee: Mubashir Kazia
>              Labels: patch
>         Attachments: HIVE-10115.0.patch, HIVE-10115.2.patch
>
>
> In a Kerberized cluster when alternate authentication is enabled on HS2, it 
> should also accept Kerberos Authentication. The reason this is important is 
> because when we enable LDAP authentication HS2 stops accepting delegation 
> token authentication. So we are forced to enter username passwords in the 
> oozie configuration.
> The whole idea of SASL is that multiple authentication mechanism can be 
> offered. If we disable Kerberos(GSSAPI) and delegation token (DIGEST) 
> authentication when we enable LDAP authentication, this defeats SASL purpose.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to