[
https://issues.apache.org/jira/browse/HIVE-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12918689#action_12918689
]
Pradeep Kamath commented on HIVE-842:
-------------------------------------
Hey Todd, I did the changes you mentioned and got it to compile. While trying
to test it out I had to run the metastore as user whose keytab file only had a
"user" principal and not a "service" principal - so I hacked the code in the
patch a little to not check if the principal had the service/h...@realm
structure and I hardcoded the host name into the calls. With all these
machinations I got the server to run and tried running "show tables" and got
the following with loglevel DEBUG (on the client side):
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException:
No valid credentials provided (Mechanism level: Fail to create credential. (63)
- No service creds)]
at
com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:194)
at
org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:95)
at
org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:254)
at
org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:38)
Do you think this is because I don't have a "service" principal in the keytab
used by the metastore?
> Authentication Infrastructure for Hive
> --------------------------------------
>
> Key: HIVE-842
> URL: https://issues.apache.org/jira/browse/HIVE-842
> Project: Hadoop Hive
> Issue Type: New Feature
> Components: Server Infrastructure
> Reporter: Edward Capriolo
> Assignee: Todd Lipcon
> Attachments: hive-842.txt, HiveSecurityThoughts.pdf
>
>
> This issue deals with the authentication (user name,password) infrastructure.
> Not the authorization components that specify what a user should be able to
> do.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
