You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Adam Kunicki (JIRA)" <ji...@apache.org> on 2015/06/24 05:56:43 UTC

[jira] [Updated] (HIVE-11089) Hive Streaming: connection fails when using a proxy user UGI

     [ https://issues.apache.org/jira/browse/HIVE-11089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adam Kunicki updated HIVE-11089:
--------------------------------
    Description: 
HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the connection is supposed to be a secure connection.

This however breaks support for Proxy Users as a proxy user UGI will always return false to hasKerberosCredentials().

If the goal is to determine whether this is a secure cluster, we could instead call:
{code}
this.secureMode = ugi == null ? ugi.getRealAuthenticationMethod() != SIMPLE
{code}

This change would for both proxy users and real users.

See lines 273, 274 of HiveEndPoint.java
{code}
this.secureMode = ugi==null ? false : ugi.hasKerberosCredentials();
this.msClient = getMetaStoreClient(endPoint, conf, secureMode);
{code}

for reference: https://github.com/apache/hive/commit/8e423a12db47759196c24535fbc32236b79f464a

  was:
HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the connection is supposed to be a secure connection.

This however breaks support for Proxy Users as a proxy user UGI will always return false to hasKerberosCredentials().


> Hive Streaming: connection fails when using a proxy user UGI
> ------------------------------------------------------------
>
>                 Key: HIVE-11089
>                 URL: https://issues.apache.org/jira/browse/HIVE-11089
>             Project: Hive
>          Issue Type: Bug
>          Components: HCatalog
>    Affects Versions: 0.14.0, 1.0.0, 1.2.0
>            Reporter: Adam Kunicki
>              Labels: ACID, Streaming
>
> HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the connection is supposed to be a secure connection.
> This however breaks support for Proxy Users as a proxy user UGI will always return false to hasKerberosCredentials().
> If the goal is to determine whether this is a secure cluster, we could instead call:
> {code}
> this.secureMode = ugi == null ? ugi.getRealAuthenticationMethod() != SIMPLE
> {code}
> This change would for both proxy users and real users.
> See lines 273, 274 of HiveEndPoint.java
> {code}
> this.secureMode = ugi==null ? false : ugi.hasKerberosCredentials();
> this.msClient = getMetaStoreClient(endPoint, conf, secureMode);
> {code}
> for reference: https://github.com/apache/hive/commit/8e423a12db47759196c24535fbc32236b79f464a



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)