You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Ádám Szita (Jira)" <ji...@apache.org> on 2019/10/16 07:55:00 UTC

[jira] [Created] (HIVE-22354) LLAP status driver may look for worker registration on 'unsecure' ZK nodes

Ádám Szita created HIVE-22354:
---------------------------------

             Summary: LLAP status driver may look for worker registration on 'unsecure' ZK nodes
                 Key: HIVE-22354
                 URL: https://issues.apache.org/jira/browse/HIVE-22354
             Project: Hive
          Issue Type: Bug
            Reporter: Ádám Szita
            Assignee: Ádám Szita


HIVE-22195 introduced a change in determining secure/unsecure environments:
{code:java}
public static boolean isKerberosEnabled(Configuration conf) {
  try {
    return UserGroupInformation.getLoginUser().isFromKeytab() &&
        HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS);
  } catch (IOException e) {
    return false;
  }
} {code}
This won't work for cases where the JVM process was started after kinit (e.g. in a launcher shell script), where Kerberos authentication is not 'fromKeytab' but rather 'fromTicket' - it will return false even if we have a successfully authenticated principal.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)