[
https://issues.apache.org/jira/browse/HIVE-10312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14502944#comment-14502944
]
Mubashir Kazia commented on HIVE-10312:
---------------------------------------
[~aihuaxu] If you are going to use the Hive JDBC driver from any framework that
relies on Delegation tokens to authenticate to HS2 that has SASL.QOP to set to
anything other than "auth" you'll have this issue. In my case it just happened
to be oozie. Yes the driver would work the same with or without oozie. I have
not seen any hive docs that says that QOP should not be set for DIGEST
authentication mechanism. AFAIK Java supports QOP on DIGEST authentication
mechanism, see
http://docs.oracle.com/javase/jndi/tutorial/ldap/security/sasl.html.
> SASL.QOP in JDBC URL is ignored for Delegation token Authentication
> -------------------------------------------------------------------
>
> Key: HIVE-10312
> URL: https://issues.apache.org/jira/browse/HIVE-10312
> Project: Hive
> Issue Type: Bug
> Components: JDBC
> Affects Versions: 1.2.0
> Reporter: Mubashir Kazia
> Fix For: 1.2.0
>
> Attachments: HIVE-10312.1.patch
>
>
> When HS2 is configured for QOP other than auth (auth-int or auth-conf),
> Kerberos client connection works fine when the JDBC URL specifies the
> matching QOP, however when this HS2 is accessed through Oozie (Delegation
> token / Digest authentication), connections fails because the JDBC driver
> ignores the SASL.QOP parameters in the JDBC URL. SASL.QOP setting should be
> valid for DIGEST Auth mech.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
