[
https://issues.apache.org/jira/browse/DRILL-3413?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Venki Korukanti updated DRILL-3413:
-----------------------------------
Attachment: DRILL-3413-1.patch
> Use DIGEST mechanism in creating Hive MetaStoreClient for proxy users when
> SASL authentication is enabled
> ---------------------------------------------------------------------------------------------------------
>
> Key: DRILL-3413
> URL: https://issues.apache.org/jira/browse/DRILL-3413
> Project: Apache Drill
> Issue Type: Bug
> Components: Storage - Hive
> Affects Versions: 1.1.0
> Reporter: Venki Korukanti
> Assignee: Venki Korukanti
> Fix For: 1.1.0
>
> Attachments: DRILL-3413-1.patch
>
>
> Currently we fail to create HiveMetaStoreClient for proxy users when SASL
> authentication is enabled between HiveMeaStore server and clients. We fail to
> create the client because when SASL (kerberos or vendor specific custom SASL
> implementations) is enabled some vendor specific versions of Hive only accept
> DIGEST as the authentication mechanism for proxy client.
> To fix this issue:
> 1. Drillbit need to create a HiveMetaStoreClient with its credentials (these
> are directly credentials and not proxy)
> 2. Whenever Drillbit need to create a HiveMetaStoreClient for proxy user
> (user being impersonated), get the delegation token for proxy user from
> MetaStore server using the Drillbit process user HiveMetaStoreClient. Set
> this delegation token in a new HiveConf object and pass it to
> HiveMetaStoreClient.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
