[ https://issues.apache.org/jira/browse/HIVE-11089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Adam Kunicki updated HIVE-11089:
--------------------------------
Description:
HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the
connection is supposed to be a secure connection.
This however breaks support for Proxy Users as a proxy user UGI will always
return false to hasKerberosCredentials().
See lines 273, 274 of HiveEndPoint.java
{code}
this.secureMode = ugi==null ? false : ugi.hasKerberosCredentials();
this.msClient = getMetaStoreClient(endPoint, conf, secureMode);
{code}
It also seems that between 13.1 and 0.14 the newConnection() method that
includes a proxy user has been removed.
for reference:
https://github.com/apache/hive/commit/8e423a12db47759196c24535fbc32236b79f464a
was:
HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the
connection is supposed to be a secure connection.
This however breaks support for Proxy Users as a proxy user UGI will always
return false to hasKerberosCredentials().
If the goal is to determine whether this is a secure cluster, we could instead
call:
{code}
this.secureMode = ugi == null ? false : ugi.getRealAuthenticationMethod() != AuthenticationMethod.SIMPLE;
{code}
This change would work for both proxy users and real users.
See lines 273, 274 of HiveEndPoint.java
{code}
this.secureMode = ugi==null ? false : ugi.hasKerberosCredentials();
this.msClient = getMetaStoreClient(endPoint, conf, secureMode);
{code}
for reference:
https://github.com/apache/hive/commit/8e423a12db47759196c24535fbc32236b79f464a
> Hive Streaming: connection fails when using a proxy user UGI
> ------------------------------------------------------------
>
> Key: HIVE-11089
> URL: https://issues.apache.org/jira/browse/HIVE-11089
> Project: Hive
> Issue Type: Bug
> Components: HCatalog
> Affects Versions: 0.14.0, 1.0.0, 1.2.0
> Reporter: Adam Kunicki
> Labels: ACID, Streaming
>
> HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the
> connection is supposed to be a secure connection.
> This however breaks support for Proxy Users as a proxy user UGI will always
> return false to hasKerberosCredentials().
> See lines 273, 274 of HiveEndPoint.java
> {code}
> this.secureMode = ugi==null ? false : ugi.hasKerberosCredentials();
> this.msClient = getMetaStoreClient(endPoint, conf, secureMode);
> {code}
> It also seems that between 13.1 and 0.14 the newConnection() method that
> includes a proxy user has been removed.
> for reference:
> https://github.com/apache/hive/commit/8e423a12db47759196c24535fbc32236b79f464a
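The behaviour reported above can be reproduced outside Hive with the Hadoop `UserGroupInformation` API. The following is an added example, not code from HiveEndPoint.java and not the fix adopted by the project; the class name, the helper `secureModeProxyAware` and the user name `alice` are hypothetical, and it assumes hadoop-common is on the classpath.

```java
import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;

public class ProxyUgiSecureModeCheck {

    /** The check quoted in the issue: it only inspects the UGI it is handed. */
    static boolean secureModeAsReported(UserGroupInformation ugi) {
        return ugi == null ? false : ugi.hasKerberosCredentials();
    }

    /**
     * Hypothetical alternative: a proxy UGI carries no Kerberos credentials
     * of its own, so look at the real user that stands behind it.
     */
    static boolean secureModeProxyAware(UserGroupInformation ugi) {
        if (ugi == null) {
            return false;
        }
        // getRealUser() returns null unless ugi was built by createProxyUser().
        UserGroupInformation real = ugi.getRealUser();
        UserGroupInformation effective = (real != null) ? real : ugi;
        return effective.hasKerberosCredentials();
    }

    static void report(String label, UserGroupInformation ugi) {
        System.out.printf("%-6s authMethod=%s realAuthMethod=%s asReported=%b proxyAware=%b%n",
                label,
                ugi.getAuthenticationMethod(),
                ugi.getRealAuthenticationMethod(),
                secureModeAsReported(ugi),
                secureModeProxyAware(ugi));
    }

    public static void main(String[] args) throws IOException {
        // Picks up core-site.xml from the classpath; on a Kerberized client
        // the login user comes from the ticket cache or a keytab login.
        UserGroupInformation.setConfiguration(new Configuration());
        UserGroupInformation real = UserGroupInformation.getLoginUser();

        // "alice" is a constructed user name for the impersonated identity.
        UserGroupInformation proxy = UserGroupInformation.createProxyUser("alice", real);

        report("real", real);
        report("proxy", proxy);
    }
}
```

Run from a client with a valid Kerberos login, the `proxy` line shows the two checks disagreeing, which is the condition described in the issue; on a cluster using simple authentication both checks return false for both users.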