You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Ádám Szita (Jira)" <ji...@apache.org> on 2019/10/22 09:49:00 UTC
[jira] [Updated] (HIVE-22354) LLAP status driver may look for
worker registration on 'unsecure' ZK nodes
[ https://issues.apache.org/jira/browse/HIVE-22354?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ádám Szita updated HIVE-22354:
------------------------------
Status: Patch Available (was: In Progress)
> LLAP status driver may look for worker registration on 'unsecure' ZK nodes
> --------------------------------------------------------------------------
>
> Key: HIVE-22354
> URL: https://issues.apache.org/jira/browse/HIVE-22354
> Project: Hive
> Issue Type: Bug
> Reporter: Ádám Szita
> Assignee: Ádám Szita
> Priority: Major
> Attachments: HIVE-22354.0.patch
>
>
> HIVE-22195 introduced a change in determining secure/unsecure environments:
> {code:java}
> public static boolean isKerberosEnabled(Configuration conf) {
> try {
> return UserGroupInformation.getLoginUser().isFromKeytab() &&
> HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS);
> } catch (IOException e) {
> return false;
> }
> } {code}
> This won't work for cases where the JVM process was started after kinit (e.g. in a launcher shell script), where Kerberos authentication is not 'fromKeytab' but rather 'fromTicket' - it will return false even if we have a successfully authenticated principal.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)