You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Thejas M Nair (JIRA)" <ji...@apache.org> on 2014/04/22 23:26:15 UTC
[jira] [Commented] (HIVE-6957) SQL authorization does not work with
HS2 binary mode and Kerberos auth
[ https://issues.apache.org/jira/browse/HIVE-6957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13977461#comment-13977461 ]
Thejas M Nair commented on HIVE-6957:
-------------------------------------
A workaround is to use the http transport mode for HS2.
> SQL authorization does not work with HS2 binary mode and Kerberos auth
> ----------------------------------------------------------------------
>
> Key: HIVE-6957
> URL: https://issues.apache.org/jira/browse/HIVE-6957
> Project: Hive
> Issue Type: Bug
> Components: Authorization, HiveServer2
> Affects Versions: 0.13.0
> Reporter: Thejas M Nair
> Assignee: Thejas M Nair
> Attachments: HIVE-6957.1.patch
>
>
> In HiveServer2, when Kerberos auth and binary transport modes are used, the user name that gets passed on to authorization is the long kerberos username.
> The username that is used in grant/revoke statements tend to be the short usernames.
> This also fails in authorizing statements that involve URI, as the authorization mode checks the file system permissions for given user. It does not recognize that the given long username actually owns the file or belongs to the group that owns the file.
--
This message was sent by Atlassian JIRA
(v6.2#6252)