That's right, Thomas. The delegation tokens are issued by the metastore, and used by the commit-task at the end of the job for committing the partitions in the metastore. A client will fail the authentication at the server if the latter doesn't know about the token.
On Sep 1, 2011, at 1:38 PM, Thomas Weise wrote: > I assume it is the delegation token support added in 0.7 that needs to be > looked at? > > https://issues.apache.org/jira/browse/HIVE-1696 > > > On Sep 1, 2011, at 12:45 PM, Thomas Weise wrote: > >> Alan, >> >> Can you explain a bit more where and why security tokens are kept on the >> Thrift server? >> >> The communication to the metastore server through Thrift/SASL would use >> Kerberos, is it correct that this part is stateless, i.e. the next call >> going to another instance would repeat the Kerberos authentication and no >> state needs to be tracked for the API access? >> >> Is the token tracking related to authentication of the Thrift metastore >> server to other services? >> >> Thomas >> >> >> On Sep 1, 2011, at 10:40 AM, Alan Gates wrote: >> >>> The Thrift server that HCatalog uses to service metastore requests is the >>> other SPOF in HCat. In unsecure mode it does not track state and so >>> starting two servers and putting them behind a VIP should be fine. >>> However, to my knowledge no one has tested this setup and if you are >>> thinking of using it you should test it before you buy hardware, make >>> installation plans, etc. >>> >>> In secure mode some of the security tokens are kept on the Thrift servers, >>> and thus you cannot use a VIP server in a round robin fashion. If you >>> could set it up such that the same client went to the same server for the >>> duration of their kerberos tickets then I think it would work (again, test >>> this, as no one has as far as I know). In this scenario fail over would >>> not be seamless for users who were talking to the failed server. They >>> would get authentication errors when they failed over and would be forced >>> to restart. >>> >>> Alan. >>> >>> On Aug 31, 2011, at 7:11 PM, Thomas Weise wrote: >>> >>>> Hello, >>>> >>>> I'm looking into HA support for hcatalog. We are going to have HA support >>>> at the metastore RDBMS level. Beyond that, which areas of the server need >>>> to be looked at to accomplish failover running multiple hcatalog servers >>>> with a VIP? >>>> >>>> What state outside the database is maintained by hcatalog that needs to be >>>> available to other instances to accomplish a VIP based failover in secure >>>> deployment? >>>> >>>> Thanks! >>>> Thomas >>>> >>>> >>> >> >
