You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "HeeSoo Kim (JIRA)" <ji...@apache.org> on 2015/05/28 00:24:17 UTC

[jira] [Created] (HIVE-10838) Allow Hive metastore client can use different hostname which has multiple hostnames when security is enable

HeeSoo Kim created HIVE-10838:
---------------------------------

             Summary: Allow Hive metastore client can use different hostname which has multiple hostnames when security is enable
                 Key: HIVE-10838
                 URL: https://issues.apache.org/jira/browse/HIVE-10838
             Project: Hive
          Issue Type: Task
            Reporter: HeeSoo Kim
            Assignee: HeeSoo Kim


Currently if Hive metastore client (e.g. HS2, oozie) tries to connect the hive metastore to when security is enabled, the Hive metastore client will fail to connect with an error like the following:
{code}
2015-05-21 23:17:59,554 ERROR metadata.Hive (Hive.java:getDelegationToken(2638)) - MetaException(message:Unauthorized connection for super-user: hiveserver/hiveserver-dpci.s3s.altiscale.com@TEST.ALTISCALE.COM from IP 10.250.16.43)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result.read(ThriftHiveMetastore.java)
        at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_delegation_token(ThriftHiveMetastore.java:3293)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_delegation_token(ThriftHiveMetastore.java:3279)
        at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.getDelegationToken(HiveMetaStoreClient.java:1559)
{code}
This is the case when if Hive metastore client's default IP address is the different from hostname of the Hive metastore client's kerberos principal. And the Hive metastore client has multiple IP addresses.
We need to set the bind address when Hive metastore client tries to connect Hive metastore based on hostname of Kerberos.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)