[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16652614#comment-16652614 ]
ASF GitHub Bot commented on NIFI-5714: -------------------------------------- Github user pvillard31 commented on the issue: https://github.com/apache/nifi/pull/3086 Hey @mattyb149 - could you let me know if this LGTY ;) > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > ---------------------------------------------------------------- > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions > Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0, > 1.7.0, 1.7.1 > Reporter: Pierre Villard > Assignee: Pierre Villard > Priority: Major > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)