You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Adam Kunicki (JIRA)" <ji...@apache.org> on 2015/06/24 05:56:43 UTC
[jira] [Updated] (HIVE-11089) Hive Streaming: connection fails when
using a proxy user UGI
[ https://issues.apache.org/jira/browse/HIVE-11089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Adam Kunicki updated HIVE-11089:
--------------------------------
Description:
HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the connection is supposed to be a secure connection.
This however breaks support for Proxy Users as a proxy user UGI will always return false to hasKerberosCredentials().
If the goal is to determine whether this is a secure cluster, we could instead call:
{code}
this.secureMode = ugi == null ? ugi.getRealAuthenticationMethod() != SIMPLE
{code}
This change would for both proxy users and real users.
See lines 273, 274 of HiveEndPoint.java
{code}
this.secureMode = ugi==null ? false : ugi.hasKerberosCredentials();
this.msClient = getMetaStoreClient(endPoint, conf, secureMode);
{code}
for reference: https://github.com/apache/hive/commit/8e423a12db47759196c24535fbc32236b79f464a
was:
HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the connection is supposed to be a secure connection.
This however breaks support for Proxy Users as a proxy user UGI will always return false to hasKerberosCredentials().
> Hive Streaming: connection fails when using a proxy user UGI
> ------------------------------------------------------------
>
> Key: HIVE-11089
> URL: https://issues.apache.org/jira/browse/HIVE-11089
> Project: Hive
> Issue Type: Bug
> Components: HCatalog
> Affects Versions: 0.14.0, 1.0.0, 1.2.0
> Reporter: Adam Kunicki
> Labels: ACID, Streaming
>
> HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the connection is supposed to be a secure connection.
> This however breaks support for Proxy Users as a proxy user UGI will always return false to hasKerberosCredentials().
> If the goal is to determine whether this is a secure cluster, we could instead call:
> {code}
> this.secureMode = ugi == null ? ugi.getRealAuthenticationMethod() != SIMPLE
> {code}
> This change would for both proxy users and real users.
> See lines 273, 274 of HiveEndPoint.java
> {code}
> this.secureMode = ugi==null ? false : ugi.hasKerberosCredentials();
> this.msClient = getMetaStoreClient(endPoint, conf, secureMode);
> {code}
> for reference: https://github.com/apache/hive/commit/8e423a12db47759196c24535fbc32236b79f464a
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)