[ https://issues.apache.org/jira/browse/HAWQ-1485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hongxu Ma reassigned HAWQ-1485: ------------------------------- Assignee: Hongxu Ma (was: Radar Lei) > Use user/password instead of credentials cache in Ranger lookup for HAWQ with > Kerberos enabled. > ----------------------------------------------------------------------------------------------- > > Key: HAWQ-1485 > URL: https://issues.apache.org/jira/browse/HAWQ-1485 > Project: Apache HAWQ > Issue Type: Sub-task > Components: Security > Reporter: Hongxu Ma > Assignee: Hongxu Ma > Fix For: 2.3.0.0-incubating > > > When used credentials cache: > Try error password in Ranger UI doesn't destroy the existed kerberos > credentials (created by last success kinit command) > It's a strange behavior to user. > So we should use user/password for kerberos authentication. > Core logic: > {code} > Properties props = new Properties(); > if (connectionProperties.containsKey(AUTHENTICATION) && > connectionProperties.get(AUTHENTICATION).equals(KERBEROS)) { > //kerberos mode > props.setProperty("kerberosServerName", > connectionProperties.get("principal")); > props.setProperty("jaasApplicationName", "pgjdbc"); > } > String url = String.format("jdbc:postgresql://%s:%s/%s", > connectionProperties.get("hostname"), connectionProperties.get("port"), db); > props.setProperty("user", connectionProperties.get("username")); > props.setProperty("password", connectionProperties.get("password")); > return DriverManager.getConnection(url, props); > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)