[jira] [Commented] (HIVE-11089) Hive Streaming: connection fails when using a proxy user UGI

Wed, 05 Aug 2015 15:52:51 -0700 

    [ 
https://issues.apache.org/jira/browse/HIVE-11089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14659125#comment-14659125
 ] 

Roshan Naik commented on HIVE-11089:
------------------------------------


- That 'proxyUser' string argument was a parameter to a private method prior to 
kerberos support. it was never exposed externally and always set to null 
internally. At the time the thought was to support proxying but it never got 
fully tested. So I think i pulled it from the public interface very late in the 
dev cycle and did not reflect that in the wiki. I just updated the wiki.

- With introduction of kerberos support, the internal 'proxyUser' was dropped, 
and UGI based 'authenticatedUser' argument  was exposed publicly ... in a new 
overload for newConnection(). So to acquire connection as a user other than 
process user, kerberos will be needed.

- Wiki has a secure/kerberos example at the bottom. that should work.  API 
reference is in the Java Docs http://hive.apache.org/javadocs/r1.2.1/api/.   
References to proxyUser in the javadocs need to be fixed.

> Hive Streaming: connection fails when using a proxy user UGI
> ------------------------------------------------------------
>
>                 Key: HIVE-11089
>                 URL: https://issues.apache.org/jira/browse/HIVE-11089
>             Project: Hive
>          Issue Type: Bug
>          Components: HCatalog
>    Affects Versions: 0.14.0, 1.0.0, 1.2.0
>            Reporter: Adam Kunicki
>              Labels: ACID, Streaming
>
> HIVE-7508 "Add Kerberos Support" seems to also remove the ability to specify 
> a proxy user.
> HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the 
> connection is supposed to be a secure connection.
> This however breaks support for Proxy Users as a proxy user UGI will always 
> return false to hasKerberosCredentials().
> See lines 273, 274 of HiveEndPoint.java
> {code}
> this.secureMode = ugi==null ? false : ugi.hasKerberosCredentials();
> this.msClient = getMetaStoreClient(endPoint, conf, secureMode);
> {code}
> It also seems that between 13.1 and 0.14 the newConnection() method that 
> includes a proxy user has been removed.
> for reference: 
> https://github.com/apache/hive/commit/8e423a12db47759196c24535fbc32236b79f464a



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to