[ https://issues.apache.org/jira/browse/HIVE-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12924020#action_12924020 ]

Pradeep Kamath commented on HIVE-842:
-------------------------------------

I looked at the issue of the server requiring restarts with Devaraj Das who 
worked on Hadoop security - he suggested a couple of changes (below) and that 
solved it - the server now does not need a restart.
Apparently UserGroupInformation.loginUserFromKeytabAndReturnUGI() does not set 
the loginUser member and UserGroupInformation.loginUserFromKeytab() does. He 
also suggested another change with not caching the realUser - both these 
changes are below:

{noformat}

In the following code 
 private Server(String keytabFile, String principalConf)
 throws TTransportException {
 ...

         realUgi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(
           kerberosName, keytabFile);
         assert realUgi.isFromKeytab();

I had to change above lines to the lines below:

         UserGroupInformation.loginUserFromKeytab(
           kerberosName, keytabFile);
         realUgi = UserGroupInformation.getLoginUser();


Likewise in:

      public boolean process(final TProtocol inProt, final TProtocol outProt)
          throws TException {
        TTransport trans = inProt.getTransport();

        ...
        UserGroupInformation clientUgi = UserGroupInformation.createProxyUser(
          authId, realUgi);

I changed the above to:

  UserGroupInformation clientUgi = UserGroupInformation.createProxyUser(
               authId, UserGroupInformation.getLoginUser());

{noformat}

> Authentication Infrastructure for Hive
> --------------------------------------
>
>                 Key: HIVE-842
>                 URL: https://issues.apache.org/jira/browse/HIVE-842
>             Project: Hive
>          Issue Type: New Feature
>          Components: Server Infrastructure
>            Reporter: Edward Capriolo
>            Assignee: Todd Lipcon
>         Attachments: hive-842.txt, HiveSecurityThoughts.pdf
>
>
> This issue deals with the authentication (user name,password) infrastructure. 
> Not the authorization components that specify what a user should be able to 
> do.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
