[ https://issues.apache.org/jira/browse/AMBARI-20760?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anita Gnanamalar Jebaraj updated AMBARI-20760: ---------------------------------------------- Attachment: AMBARI-20760.patch > After pam setup- Hive View user home test fails > ----------------------------------------------- > > Key: AMBARI-20760 > URL: https://issues.apache.org/jira/browse/AMBARI-20760 > Project: Ambari > Issue Type: Bug > Affects Versions: trunk > Reporter: Anita Gnanamalar Jebaraj > Assignee: Anita Gnanamalar Jebaraj > Attachments: AMBARI-20760.patch, error.PNG > > > After setting up PAM, tried to login as PAM user and access hive view, user > home test fails with the error as in screen shot. > This issue was pointed out by [~hkropp] in the jira AMBARI-12263, but was not > incorporated in the code. Pasting the comment from Henning below. > Something we noticed is that in a secured cluster we have issues with the > views, getting the following exception for the Hive view as an example: > Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, > infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to > validate proxy privilege of ambari for > org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@34511119:33:32, > > ..... > sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege > of ambari for > org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@34511119), > serverProtocolVersion:null) > As you can see it tries to impersonte > "org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@34511119:33:32". > Changing the UsernamePasswordAuthenticationToken from Principal to username > fixes this. > So instead of : > UsernamePasswordAuthenticationToken token = new > UsernamePasswordAuthenticationToken(principal, null, userAuthorities); > We use: > UsernamePasswordAuthenticationToken token = new > UsernamePasswordAuthenticationToken(user.getUserName(), null, > userAuthorities); > What could potential also work is, overriding toString of the principal like: > Principal principal = new Principal() { > @Override > public String getName() { > return user.getUserName(); > } > @Override > public String toString(){ > return user.getUserName().toString(); > } > }; > We did not test this! > As a little side note, I notices you are using String concatenation in your > error logging like this: LOG.error("Message"+ ex.getMessage()) I think the > public void error(String msg, Throwable t); interface would be preferable in > such scenarios, so: LOG.error("Message", ex) -- This message was sent by Atlassian JIRA (v6.3.15#6346)