[jira] [Updated] (HIVE-15177) Authentication with hive fails when kerberos auth type is set to fromSubject and principal contains _HOST

Thu, 10 Nov 2016 07:13:44 -0800 

     [ 
https://issues.apache.org/jira/browse/HIVE-15177?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Subrahmanya updated HIVE-15177:
-------------------------------
    Description: 
Authentication with hive fails when kerberos auth type is set to fromSubject 
and principal contains _HOST.

When auth type is set to fromSubject, _HOST in principal is not resolved to the 
actual host name even though the correct host name is available. This leads to 
connection failure. If auth type is not set to fromSubject host resolution is 
done correctly.

The problem is in getKerberosTransport method of 
org.apache.hive.service.auth.KerberosSaslHelper class. When assumeSubject is 
true host name in the principal is not resolved. When it is false, host name is 
passed on to HadoopThriftAuthBridge, which takes care of resolving the 
parameter.

  was:
Authentication with hive fails when kerberos auth type is set to fromSubject 
and principal contains _HOST.

When auth type is set to fromSubject, _HOST in principal is not resolved to the 
actual host name even though the correct host name is available. This leads to 
connection failure. If auth type is not set to fromSubject host resolution is 
done correctly.


> Authentication with hive fails when kerberos auth type is set to fromSubject 
> and principal contains _HOST
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-15177
>                 URL: https://issues.apache.org/jira/browse/HIVE-15177
>             Project: Hive
>          Issue Type: Bug
>          Components: Authentication
>            Reporter: Subrahmanya
>
> Authentication with hive fails when kerberos auth type is set to fromSubject 
> and principal contains _HOST.
> When auth type is set to fromSubject, _HOST in principal is not resolved to 
> the actual host name even though the correct host name is available. This 
> leads to connection failure. If auth type is not set to fromSubject host 
> resolution is done correctly.
> The problem is in getKerberosTransport method of 
> org.apache.hive.service.auth.KerberosSaslHelper class. When assumeSubject is 
> true host name in the principal is not resolved. When it is false, host name 
> is passed on to HadoopThriftAuthBridge, which takes care of resolving the 
> parameter.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to