----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/19599/#review38407 -----------------------------------------------------------
conf/hive-default.xml.template <https://reviews.apache.org/r/19599/#comment70550> We should document that this is optional. service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java <https://reviews.apache.org/r/19599/#comment70551> Is it a tab here ? It should be all spaces. Can you also remove the trailing white spaces in the patch (ones that appear in red) ? service/src/java/org/apache/hive/service/cli/CLIService.java <https://reviews.apache.org/r/19599/#comment70553> Since the spenego config is optional and specific to HS2 http mode, we should try the login only if mode is http and the config values for spnego principal is set. service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java <https://reviews.apache.org/r/19599/#comment70555> we should keep it consistent and remove serviceUGI from the method param. service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java <https://reviews.apache.org/r/19599/#comment70650> This warning is going to be printed for every jdbc api call, including the polls. Is there a way to print this only when the client attempts to do spnego auth ? - Thejas Nair On March 25, 2014, 1:23 a.m., dilli dorai wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/19599/ > ----------------------------------------------------------- > > (Updated March 25, 2014, 1:23 a.m.) > > > Review request for hive, Ashutosh Chauhan, Thejas Nair, and Vaibhav Gumashta. > > > Bugs: HIVE-6697 > https://issues.apache.org/jira/browse/HIVE-6697 > > > Repository: hive-git > > > Description > ------- > > See JIra for description > https://issues.apache.org/jira/browse/HIVE-6697 > > > Diffs > ----- > > common/src/java/org/apache/hadoop/hive/conf/HiveConf.java affcbb4 > conf/hive-default.xml.template 3c3df43 > service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java 6e6a47d > service/src/java/org/apache/hive/service/cli/CLIService.java e31a74e > > service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpCLIService.java > cb01cfd > service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java > 255a165 > shims/0.20/src/main/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java > 9aa555a > > shims/common-secure/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java > d4cddda > shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java > ed951f1 > > Diff: https://reviews.apache.org/r/19599/diff/ > > > Testing > ------- > > ## Verification of enhancement with Beeline/JDBC > > ### Verified the following calls succeeded getting connection, and listig > tables, > when valid spnego.principal and spengo.keytab are specified in hive-site.xml, > and the client has KINITed and has a valid kerberos ticket in cache > > > !connect > jdbc:hive2://hdps.example.com:10001/default;principal=hive/hdps.example....@example.com?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice > dummy dummy-pass org.apache.hive.jdbc.HiveDriver > > > !connect > jdbc:hive2://hdps.example.com:10001/default;principal=HTTP/hdps.example....@example.com?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice > dummy dummy-pass org.apache.hive.jdbc.HiveDriver > > ### Verified the following call succeeded getting connection, and listig > tables, > even if valid spnego.principal or valid spengo.keytab is not specified in > hive-site.xml, > as long as valid hive server2 kerberos principal and keytab are specified in > hive-site.xml, > and the client has KINITed and has a valid kerberos ticket in cache > > !connect > jdbc:hive2://hdps.example.com:10001/default;principal=hive/hdps.example....@example.com?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice > dummy dummy-pass org.apache.hive.jdbc.HiveDriver > > ### Verified the following call failed getting connection, > when valid spnego.principal or valid spengo.keytab is not specified in > hive-site.xml > > !connect > jdbc:hive2://hdps.example.com:10001/default;principal=HTTP/hdps.example....@example.com?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice > dummy dummy-pass org.apache.hive.jdbc.HiveDriver > > ## Verification of enhancement with Apache Knox > > Apache Knox was able to authenticate to hive server 2 as SPNego client using > Apache HttpClient, > and list tables, when correct spnego.principal and spengo.keytab are > specified in hive-site.xml > > Apache Knox was not able to authenticate to hive server 2 as SPNego client > using Apache HttpClient, > when valid spnego.principal or spengo.keytab is not specified in hive-site.xml > > ## Verification of enhancement with curl > > ### when valid spnego.principal and spengo.keytab are specified in > hive-site.xml > and the client has KINITed and has a valid kerberos ticket in cache > > curl -i --negotiate -u : http://hdps.example.com:10001/cliservice > > SPNego authentication succeeded and got a HTTP status code 500, > since we did not end Thrift body content > > ### when valid spnego.principal and spengo.keytab are specified in > hive-site.xml > and the client has not KINITed and does not have a valid kerberos ticket in > cache > > curl -i --negotiate -u : http://hdps.example.com:10001/cliservice > > url -i --negotiate -u : http://hdps.example.com:10001/cliservice > HTTP/1.1 401 Unauthorized > WWW-Authenticate: Negotiate > Content-Type: application/x-thrift;charset=ISO-8859-1 > Content-Length: 69 > Server: Jetty(7.6.0.v20120127) > > Authentication Error: java.lang.reflect.UndeclaredThrowableException > > > Thanks, > > dilli dorai > >
