[jira] [Updated] (HIVE-13590) Kerberized HS2 with LDAP auth enabled fails in multi-domain LDAP case

Chaoyu Tang (JIRA) Wed, 15 Jun 2016 19:20:14 -0700

     [ 
https://issues.apache.org/jira/browse/HIVE-13590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Chaoyu Tang updated HIVE-13590:
-------------------------------
    Attachment: HIVE-13590.patch

[~szehon], [~spena] could you help review the patch? Thanks.

> Kerberized HS2 with LDAP auth enabled fails in multi-domain LDAP case
> ---------------------------------------------------------------------
>
>                 Key: HIVE-13590
>                 URL: https://issues.apache.org/jira/browse/HIVE-13590
>             Project: Hive
>          Issue Type: Bug
>          Components: Authentication, Security
>            Reporter: Chaoyu Tang
>            Assignee: Chaoyu Tang
>         Attachments: HIVE-13590.patch
>
>
> In a kerberized HS2 with LDAP authentication enabled, LDAP user usually logs 
> in using username in form of username@domain in LDAP multi-domain case. But 
> it fails if the domain was not in the Hadoop auth_to_local mapping rule, the 
> error is as following:
> {code}
> Caused by: 
> org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: 
> No rules applied to ct...@mydomain.com
> at 
> org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:389)
> at org.apache.hadoop.security.User.<init>(User.java:48)
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (HIVE-13590) Kerberized HS2 with LDAP auth enabled fails in multi-domain LDAP case

Reply via email to