You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Ádám Szita (Jira)" <ji...@apache.org> on 2019/10/16 07:55:00 UTC
[jira] [Created] (HIVE-22354) LLAP status driver may look for
worker registration on 'unsecure' ZK nodes
Ádám Szita created HIVE-22354:
---------------------------------
Summary: LLAP status driver may look for worker registration on 'unsecure' ZK nodes
Key: HIVE-22354
URL: https://issues.apache.org/jira/browse/HIVE-22354
Project: Hive
Issue Type: Bug
Reporter: Ádám Szita
Assignee: Ádám Szita
HIVE-22195 introduced a change in determining secure/unsecure environments:
{code:java}
public static boolean isKerberosEnabled(Configuration conf) {
try {
return UserGroupInformation.getLoginUser().isFromKeytab() &&
HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS);
} catch (IOException e) {
return false;
}
} {code}
This won't work for cases where the JVM process was started after kinit (e.g. in a launcher shell script), where Kerberos authentication is not 'fromKeytab' but rather 'fromTicket' - it will return false even if we have a successfully authenticated principal.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)