Re: [PR] HIVE-29138: Authentication failure when connecting to Kerberized ZooK… [hive]

via GitHub Tue, 19 Aug 2025 08:56:27 -0700


deniskuzZ commented on code in PR #6024:
URL: https://github.com/apache/hive/pull/6024#discussion_r2285692472



##########
jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java:
##########
@@ -128,6 +126,13 @@ private static CuratorFramework 
getZkClient(JdbcConnectionParams connParams) thr
                 connParams.getZookeeperTrustStoreLocation(),
                 connParams.getZookeeperTrustStorePassword(), 
connParams.getZookeeperTrustStoreType()))
             .build();
+
+    Map<String, String> sessionVars = connParams.getSessionVars();
+    // If the client is requesting the Kerberos, then the ZooKeeper is mostly 
Kerberos-secured
+    if (sessionVars.containsKey(JdbcConnectionParams.AUTH_PRINCIPAL) &&
+        
Boolean.parseBoolean(sessionVars.getOrDefault(HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS.varname,
 "true"))) {

Review Comment:
   Do we expect HIVE_ZOOKEEPER_USE_KERBEROS by default? Wonder if we should get 
default from Hive conf?



##########
jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java:
##########
@@ -128,6 +126,13 @@ private static CuratorFramework 
getZkClient(JdbcConnectionParams connParams) thr
                 connParams.getZookeeperTrustStoreLocation(),
                 connParams.getZookeeperTrustStorePassword(), 
connParams.getZookeeperTrustStoreType()))
             .build();
+
+    Map<String, String> sessionVars = connParams.getSessionVars();
+    // If the client is requesting the Kerberos, then the ZooKeeper is mostly 
Kerberos-secured
+    if (sessionVars.containsKey(JdbcConnectionParams.AUTH_PRINCIPAL) &&
+        
Boolean.parseBoolean(sessionVars.getOrDefault(HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS.varname,
 "true"))) {

Review Comment:
   Wonder if we should get default from Hive conf?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [PR] HIVE-29138: Authentication failure when connecting to Kerberized ZooK… [hive]

Reply via email to