yuqi1129 commented on code in PR #3852:
URL: https://github.com/apache/gravitino/pull/3852#discussion_r1668067258
##########
catalogs/catalog-hadoop/src/main/java/com/datastrato/gravitino/catalog/hadoop/HadoopCatalogOperations.java:
##########
@@ -125,20 +168,20 @@ public void initialize(
private void initAuthentication(Map<String, String> conf, Configuration
hadoopConf) {
AuthenticationConfig config = new AuthenticationConfig(conf);
- String authType = config.getAuthType();
- if (StringUtils.equalsIgnoreCase(authType,
AuthenticationMethod.KERBEROS.name())) {
- hadoopConf.set(
- HADOOP_SECURITY_AUTHENTICATION,
- AuthenticationMethod.KERBEROS.name().toLowerCase(Locale.ROOT));
- UserGroupInformation.setConfiguration(hadoopConf);
- try {
- KerberosClient kerberosClient = new KerberosClient(conf, hadoopConf);
- File keytabFile =
kerberosClient.saveKeyTabFileFromUri(catalogInfo.id());
- this.kerberosRealm =
kerberosClient.login(keytabFile.getAbsolutePath());
- } catch (IOException e) {
- throw new RuntimeException("Failed to login with Kerberos", e);
- }
+ if (config.isKerberosAuth()) {
+ this.kerberosRealm =
+ initKerberos(
+ conf, hadoopConf, NameIdentifier.of(catalogInfo.namespace(),
catalogInfo.name()));
+ } else if (config.isSimpleAuth()) {
+ // TODO: change the user 'datastrato' to 'anonymous' and uncomment the
following code;
+ // uncomment the following code after the user 'datastrato' is removed
from the codebase.
+ // for more, please see
https://github.com/datastrato/gravitino/issues/4013
+ // UserGroupInformation u =
+ //
UserGroupInformation.createRemoteUser(PrincipalUtils.getCurrentUserName());
+ // userInfoMap.put(
+ // NameIdentifier.of(catalogInfo.namespace(), catalogInfo.name()),
+ // UserInfo.of(u, false, null, null));
Review Comment:
We have reached an agreement that sub-entities use the parent's
authentication if no authentication is set. When the catalog authentication is
simple, schema or fileset will use the default user `anonymous` to access HDFS.
so
- Whether we need to keep these changes.
- Change the default user name in the Docker image for Hive. (NOT advised by
@xunliu )
Before #4013 or something similar is resolved, I think these changes should
be commented.
> Is the prerequisite pull request merged?
Not really, @xunliu is not suggested to do so. What about changing the
default user name `anonymous` to `datastrato`?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
