[
https://issues.apache.org/jira/browse/AMBARI-20760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991486#comment-15991486
]
Robert Levas edited comment on AMBARI-20760 at 5/1/17 8:38 PM:
---------------------------------------------------------------
[~anitajebaraj]... I think this needs to go into branch-2.5 as well. Please
let me know if you want me to push it there as well.
However, the patch fails to apply into branch-2.5. So a new patch for that
branch will be needed if you want to go this route:
{noformat}
error: patch failed:
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java:78
error:
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java:
patch does not apply
{noformat}
was (Author: rlevas):
[~anitajebaraj]... I think this needs to go into branch-2.5 as well. Please
let me know if you want me to push it there as well.
> After pam setup- Hive View user home test fails
> -----------------------------------------------
>
> Key: AMBARI-20760
> URL: https://issues.apache.org/jira/browse/AMBARI-20760
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: trunk
> Reporter: Anita Gnanamalar Jebaraj
> Assignee: Anita Gnanamalar Jebaraj
> Attachments: AMBARI-20760.patch, AMBARI-20760-updated.patch, error.PNG
>
>
> After setting up PAM, tried to login as PAM user and access hive view, user
> home test fails with the error as in screen shot.
> This issue was pointed out by [~hkropp] in the jira AMBARI-12263, but was not
> incorporated in the code. Pasting the comment from Henning below.
> Something we noticed is that in a secured cluster we have issues with the
> views, getting the following exception for the Hive view as an example:
> Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS,
> infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to
> validate proxy privilege of ambari for
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@34511119:33:32,
>
> .....
> sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege
> of ambari for
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@34511119),
> serverProtocolVersion:null)
> As you can see it tries to impersonte
> "org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@34511119:33:32".
> Changing the UsernamePasswordAuthenticationToken from Principal to username
> fixes this.
> So instead of :
> UsernamePasswordAuthenticationToken token = new
> UsernamePasswordAuthenticationToken(principal, null, userAuthorities);
> We use:
> UsernamePasswordAuthenticationToken token = new
> UsernamePasswordAuthenticationToken(user.getUserName(), null,
> userAuthorities);
> What could potential also work is, overriding toString of the principal like:
> Principal principal = new Principal() {
> @Override
> public String getName() {
> return user.getUserName();
> }
> @Override
> public String toString(){
> return user.getUserName().toString();
> }
> };
> We did not test this!
> As a little side note, I notices you are using String concatenation in your
> error logging like this: LOG.error("Message"+ ex.getMessage()) I think the
> public void error(String msg, Throwable t); interface would be preferable in
> such scenarios, so: LOG.error("Message", ex)
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
