[
https://issues.apache.org/jira/browse/HIVE-6957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13977462#comment-13977462
]
Thejas M Nair commented on HIVE-6957:
-------------------------------------
The long username is not of any significance within hive. We always use the
short username for all purposes including the owner in metastore.
This patch changes the username that gets set for HS2 purposes, to the short
username.
> SQL authorization does not work with HS2 binary mode and Kerberos auth
> ----------------------------------------------------------------------
>
> Key: HIVE-6957
> URL: https://issues.apache.org/jira/browse/HIVE-6957
> Project: Hive
> Issue Type: Bug
> Components: Authorization, HiveServer2
> Affects Versions: 0.13.0
> Reporter: Thejas M Nair
> Assignee: Thejas M Nair
> Attachments: HIVE-6957.1.patch
>
>
> In HiveServer2, when Kerberos auth and binary transport modes are used, the
> user name that gets passed on to authorization is the long kerberos username.
> The username that is used in grant/revoke statements tend to be the short
> usernames.
> This also fails in authorizing statements that involve URI, as the
> authorization mode checks the file system permissions for given user. It does
> not recognize that the given long username actually owns the file or belongs
> to the group that owns the file.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
