----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/19599/#review38573 -----------------------------------------------------------
conf/hive-default.xml.template <https://reviews.apache.org/r/19599/#comment70848> fixed - dilli dorai On March 26, 2014, 2:38 a.m., dilli dorai wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/19599/ > ----------------------------------------------------------- > > (Updated March 26, 2014, 2:38 a.m.) > > > Review request for hive, Ashutosh Chauhan, Thejas Nair, and Vaibhav Gumashta. > > > Bugs: HIVE-6697 > https://issues.apache.org/jira/browse/HIVE-6697 > > > Repository: hive-git > > > Description > ------- > > See JIra for description > https://issues.apache.org/jira/browse/HIVE-6697 > > > Diffs > ----- > > common/src/java/org/apache/hadoop/hive/conf/HiveConf.java affcbb4 > conf/hive-default.xml.template 3c3df43 > service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java 6e6a47d > service/src/java/org/apache/hive/service/cli/CLIService.java e31a74e > > service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpCLIService.java > cb01cfd > service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java > 255a165 > shims/0.20/src/main/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java > 9aa555a > > shims/common-secure/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java > d4cddda > shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java > ed951f1 > > Diff: https://reviews.apache.org/r/19599/diff/ > > > Testing > ------- > > ## Verification of enhancement with Beeline/JDBC > > ### Verified the following calls succeeded getting connection, and listig > tables, > when valid spnego.principal and spengo.keytab are specified in hive-site.xml, > and the client has KINITed and has a valid kerberos ticket in cache > > > !connect > jdbc:hive2://hdps.example.com:10001/default;principal=hive/hdps.example....@example.com?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice > dummy dummy-pass org.apache.hive.jdbc.HiveDriver > > > !connect > jdbc:hive2://hdps.example.com:10001/default;principal=HTTP/hdps.example....@example.com?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice > dummy dummy-pass org.apache.hive.jdbc.HiveDriver > > ### Verified the following call succeeded getting connection, and listig > tables, > even if valid spnego.principal or valid spengo.keytab is not specified in > hive-site.xml, > as long as valid hive server2 kerberos principal and keytab are specified in > hive-site.xml, > and the client has KINITed and has a valid kerberos ticket in cache > > !connect > jdbc:hive2://hdps.example.com:10001/default;principal=hive/hdps.example....@example.com?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice > dummy dummy-pass org.apache.hive.jdbc.HiveDriver > > ### Verified the following call failed getting connection, > when valid spnego.principal or valid spengo.keytab is not specified in > hive-site.xml > > !connect > jdbc:hive2://hdps.example.com:10001/default;principal=HTTP/hdps.example....@example.com?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice > dummy dummy-pass org.apache.hive.jdbc.HiveDriver > > ## Verification of enhancement with Apache Knox > > Apache Knox was able to authenticate to hive server 2 as SPNego client using > Apache HttpClient, > and list tables, when correct spnego.principal and spengo.keytab are > specified in hive-site.xml > > Apache Knox was not able to authenticate to hive server 2 as SPNego client > using Apache HttpClient, > when valid spnego.principal or spengo.keytab is not specified in hive-site.xml > > ## Verification of enhancement with curl > > ### when valid spnego.principal and spengo.keytab are specified in > hive-site.xml > and the client has KINITed and has a valid kerberos ticket in cache > > curl -i --negotiate -u : http://hdps.example.com:10001/cliservice > > SPNego authentication succeeded and got a HTTP status code 500, > since we did not end Thrift body content > > ### when valid spnego.principal and spengo.keytab are specified in > hive-site.xml > and the client has not KINITed and does not have a valid kerberos ticket in > cache > > curl -i --negotiate -u : http://hdps.example.com:10001/cliservice > > url -i --negotiate -u : http://hdps.example.com:10001/cliservice > HTTP/1.1 401 Unauthorized > WWW-Authenticate: Negotiate > Content-Type: application/x-thrift;charset=ISO-8859-1 > Content-Length: 69 > Server: Jetty(7.6.0.v20120127) > > Authentication Error: java.lang.reflect.UndeclaredThrowableException > > > Thanks, > > dilli dorai > >
