[
https://issues.apache.org/jira/browse/HIVE-10838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
HeeSoo Kim updated HIVE-10838:
------------------------------
Description:
Currently if Hive metastore client (e.g. HS2, oozie) tries to connect the hive
metastore to when security is enabled, the Hive metastore client will fail to
connect with an error like the following:
{code}
2015-05-21 23:17:59,554 ERROR metadata.Hive
(Hive.java:getDelegationToken(2638)) - MetaException(message:Unauthorized
connection for super-user: hiveserver/[email protected] from IP
10.250.16.43)
at
org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
at
org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
at
org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result.read(ThriftHiveMetastore.java)
at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78)
at
org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_delegation_token(ThriftHiveMetastore.java:3293)
at
org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_delegation_token(ThriftHiveMetastore.java:3279)
at
org.apache.hadoop.hive.metastore.HiveMetaStoreClient.getDelegationToken(HiveMetaStoreClient.java:1559)
{code}
This is the case when if Hive metastore client's default IP address is the
different from hostname of the Hive metastore client's kerberos principal. And
the Hive metastore client has multiple IP addresses.
We need to set the bind address when Hive metastore client tries to connect
Hive metastore based on hostname of Kerberos.
was:
Currently if Hive metastore client (e.g. HS2, oozie) tries to connect the hive
metastore to when security is enabled, the Hive metastore client will fail to
connect with an error like the following:
{code}
2015-05-21 23:17:59,554 ERROR metadata.Hive
(Hive.java:getDelegationToken(2638)) - MetaException(message:Unauthorized
connection for super-user:
hiveserver/[email protected] from IP
10.250.16.43)
at
org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
at
org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
at
org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result.read(ThriftHiveMetastore.java)
at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78)
at
org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_delegation_token(ThriftHiveMetastore.java:3293)
at
org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_delegation_token(ThriftHiveMetastore.java:3279)
at
org.apache.hadoop.hive.metastore.HiveMetaStoreClient.getDelegationToken(HiveMetaStoreClient.java:1559)
{code}
This is the case when if Hive metastore client's default IP address is the
different from hostname of the Hive metastore client's kerberos principal. And
the Hive metastore client has multiple IP addresses.
We need to set the bind address when Hive metastore client tries to connect
Hive metastore based on hostname of Kerberos.
> Allow Hive metastore client can use different hostname which has multiple
> hostnames when security is enable
> -----------------------------------------------------------------------------------------------------------
>
> Key: HIVE-10838
> URL: https://issues.apache.org/jira/browse/HIVE-10838
> Project: Hive
> Issue Type: Task
> Reporter: HeeSoo Kim
> Assignee: HeeSoo Kim
>
> Currently if Hive metastore client (e.g. HS2, oozie) tries to connect the
> hive metastore to when security is enabled, the Hive metastore client will
> fail to connect with an error like the following:
> {code}
> 2015-05-21 23:17:59,554 ERROR metadata.Hive
> (Hive.java:getDelegationToken(2638)) - MetaException(message:Unauthorized
> connection for super-user: hiveserver/[email protected] from IP
> 10.250.16.43)
> at
> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
> at
> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
> at
> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result.read(ThriftHiveMetastore.java)
> at
> org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78)
> at
> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_delegation_token(ThriftHiveMetastore.java:3293)
> at
> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_delegation_token(ThriftHiveMetastore.java:3279)
> at
> org.apache.hadoop.hive.metastore.HiveMetaStoreClient.getDelegationToken(HiveMetaStoreClient.java:1559)
> {code}
> This is the case when if Hive metastore client's default IP address is the
> different from hostname of the Hive metastore client's kerberos principal.
> And the Hive metastore client has multiple IP addresses.
> We need to set the bind address when Hive metastore client tries to connect
> Hive metastore based on hostname of Kerberos.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
