[
https://issues.apache.org/jira/browse/ATLAS-1546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15863318#comment-15863318
]
Nixon Rodrigues edited comment on ATLAS-1546 at 2/13/17 9:02 AM:
-----------------------------------------------------------------
[~gss2002],[~madhan.neethiraj],
I tried running HiveServer2 (Run as end user instead of Hive user) with doAs =
true and tables are created in hive and entities are getting created at Atlas
end.
Also tested HiveCli with doAs = true and it is also working fine and entities
are getting created at Atlas end.
Tested this with *hive_test* user, this user was created with below steps
{noformat}
useradd hive_test
hadoop fs -mkdir /user/hive_test
hadoop fs -chown hive_test /user/hive_test
{noformat}
and principal *hive_test*, created with below steps
{noformat}
kadmin.local
addprinc hive_test/dom...@example.com
exit and then kinit
kinit hive_test/dom...@example.com
{noformat}
was (Author: nixonrodrigues):
[~gss2002],[~madhan.neethiraj],
I tried running HiveServer2 (Run as end user instead of Hive user) with doAs =
true and tables are created in hive and entities are getting created Atlas end.
Also tested HiveCli and it is also working fine and entities are getting
created Atlas end.
Tested this with *hive_test* user, this user was created with below steps
{noformat}
useradd hive_test
hadoop fs -mkdir /user/hive_test
hadoop fs -chown hive_test /user/hive_test
{noformat}
and principal *hive_test*, created with below steps
{noformat}
kadmin.local
addprinc hive_test/dom...@example.com
exit and then kinit
kinit hive_test/dom...@example.com
{noformat}
> Hive hook should choose appropriate JAAS config if host uses kerberos
> ticket-cache
> ----------------------------------------------------------------------------------
>
> Key: ATLAS-1546
> URL: https://issues.apache.org/jira/browse/ATLAS-1546
> Project: Atlas
> Issue Type: Improvement
> Components: atlas-intg
> Affects Versions: 0.7-incubating, 0.8-incubating
> Reporter: Madhan Neethiraj
> Assignee: Nixon Rodrigues
> Fix For: 0.8-incubating
>
> Attachments: ATLAS-1546.1.patch, ATLAS-1546.patch, hiveenviro,
> hiveserver2_log.txt, hs2.log.gz
>
>
> In a kerberized environment, Atlas hook uses JAAS configuration section named
> "KakfaClient" to authenticate with Kafka broker. In a typical Hive deployment
> this configuration section is set to use the keytab and principal of
> HiveServer2 process. The hook running in HiveCLI might fail to authenticate
> with Kafka if the user can't read the configured keytab.
> Given that HiveCLI users would have performed kinit, the hook in HiveCLI
> should use the ticket-cache generated by kinit. When ticket cache is not
> available (for example in HiveServer2), the hook should use the configuration
> provided in KafkaClient JAAS section.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
