You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Oliver Draese (JIRA)" <ji...@apache.org> on 2019/06/24 20:49:00 UTC
[jira] [Commented] (HIVE-15177) Authentication with hive fails when
kerberos auth type is set to fromSubject and principal contains _HOST
[ https://issues.apache.org/jira/browse/HIVE-15177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16871769#comment-16871769 ]
Oliver Draese commented on HIVE-15177:
--------------------------------------
[https://github.com/apache/hive/pull/686]
> Authentication with hive fails when kerberos auth type is set to fromSubject and principal contains _HOST
> ---------------------------------------------------------------------------------------------------------
>
> Key: HIVE-15177
> URL: https://issues.apache.org/jira/browse/HIVE-15177
> Project: Hive
> Issue Type: Bug
> Components: Authentication
> Reporter: Subrahmanya
> Assignee: Oliver Draese
> Priority: Major
> Fix For: 3.1.1
>
> Attachments: HIVE-15177.patch
>
>
> Authentication with hive fails when kerberos auth type is set to fromSubject and principal contains _HOST.
> When auth type is set to fromSubject, _HOST in principal is not resolved to the actual host name even though the correct host name is available. This leads to connection failure. If auth type is not set to fromSubject host resolution is done correctly.
> The problem is in getKerberosTransport method of org.apache.hive.service.auth.KerberosSaslHelper class. When assumeSubject is true host name in the principal is not resolved. When it is false, host name is passed on to HadoopThriftAuthBridge, which takes care of resolving the parameter.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)