[
https://issues.apache.org/jira/browse/HIVE-17207?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rey Rey Chang updated HIVE-17207:
---------------------------------
Description:
The logic in getAuthTransFactory() is flawed, as it will always return
"Unsupported authentication type" error when authTypeStr is set to KERBEROS.
inside HiveAuthFactory class.
public TTransportFactory getAuthTransFactory()
throws LoginException
{
TTransportFactory transportFactory;
if (isSASLWithKerberizedHadoop())
{
try
{
serverTransportFactory =
this.saslServer.createSaslServerTransportFactory(
getSaslProperties());
}
catch (TTransportException e)
{
TSaslServerTransport.Factory serverTransportFactory;
throw new LoginException(e.getMessage());
}
TSaslServerTransport.Factory serverTransportFactory;
if (!this.authTypeStr.equalsIgnoreCase(AuthTypes.KERBEROS.getAuthName()))
{
if ((this.authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName()))
||
(this.authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName())) ||
(this.authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) ||
(this.authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName()))) {
try
{
serverTransportFactory.addServerDefinition("PLAIN",
this.authTypeStr, null, new HashMap(), new
PlainSaslHelper.PlainServerCallbackHandler(this.authTypeStr));
}
catch (AuthenticationException e)
{
throw new LoginException("Error setting callback handler" + e);
}
} else {
throw new LoginException("Unsupported authentication type " +
this.authTypeStr);
}
}
transportFactory =
this.saslServer.wrapTransportFactory(serverTransportFactory);
}
else
{
TTransportFactory transportFactory;
if ((this.authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName())) ||
(this.authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName())) ||
(this.authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) ||
(this.authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName())))
{
transportFactory =
PlainSaslHelper.getPlainTransportFactory(this.authTypeStr);
}
else
{
TTransportFactory transportFactory;
if (this.authTypeStr.equalsIgnoreCase(AuthTypes.NOSASL.getAuthName())) {
transportFactory = new TTransportFactory();
} else {
throw new LoginException("Unsupported authentication type " +
this.authTypeStr);
}
}
}
TTransportFactory transportFactory;
return transportFactory;
}
was:
The logic in getAuthTransFactory() is flawed, as it will always "Unsupported
authentication type" error when authTypeStr is set to KERBEROS.
inside HiveAuthFactory class.
public TTransportFactory getAuthTransFactory()
throws LoginException
{
TTransportFactory transportFactory;
if (isSASLWithKerberizedHadoop())
{
try
{
serverTransportFactory =
this.saslServer.createSaslServerTransportFactory(
getSaslProperties());
}
catch (TTransportException e)
{
TSaslServerTransport.Factory serverTransportFactory;
throw new LoginException(e.getMessage());
}
TSaslServerTransport.Factory serverTransportFactory;
if (!this.authTypeStr.equalsIgnoreCase(AuthTypes.KERBEROS.getAuthName()))
{
if ((this.authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName()))
||
(this.authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName())) ||
(this.authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) ||
(this.authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName()))) {
try
{
serverTransportFactory.addServerDefinition("PLAIN",
this.authTypeStr, null, new HashMap(), new
PlainSaslHelper.PlainServerCallbackHandler(this.authTypeStr));
}
catch (AuthenticationException e)
{
throw new LoginException("Error setting callback handler" + e);
}
} else {
throw new LoginException("Unsupported authentication type " +
this.authTypeStr);
}
}
transportFactory =
this.saslServer.wrapTransportFactory(serverTransportFactory);
}
else
{
TTransportFactory transportFactory;
if ((this.authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName())) ||
(this.authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName())) ||
(this.authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) ||
(this.authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName())))
{
transportFactory =
PlainSaslHelper.getPlainTransportFactory(this.authTypeStr);
}
else
{
TTransportFactory transportFactory;
if (this.authTypeStr.equalsIgnoreCase(AuthTypes.NOSASL.getAuthName())) {
transportFactory = new TTransportFactory();
} else {
throw new LoginException("Unsupported authentication type " +
this.authTypeStr);
}
}
}
TTransportFactory transportFactory;
return transportFactory;
}
> Hiveserver2 fails to start when hive.server2.authentication is set to KERBEROS
> ------------------------------------------------------------------------------
>
> Key: HIVE-17207
> URL: https://issues.apache.org/jira/browse/HIVE-17207
> Project: Hive
> Issue Type: Bug
> Components: Authentication
> Affects Versions: 2.2.0
> Reporter: Rey Rey Chang
>
> The logic in getAuthTransFactory() is flawed, as it will always return
> "Unsupported authentication type" error when authTypeStr is set to KERBEROS.
> inside HiveAuthFactory class.
> public TTransportFactory getAuthTransFactory()
> throws LoginException
> {
> TTransportFactory transportFactory;
> if (isSASLWithKerberizedHadoop())
> {
> try
> {
> serverTransportFactory =
> this.saslServer.createSaslServerTransportFactory(
> getSaslProperties());
> }
> catch (TTransportException e)
> {
> TSaslServerTransport.Factory serverTransportFactory;
> throw new LoginException(e.getMessage());
> }
> TSaslServerTransport.Factory serverTransportFactory;
> if
> (!this.authTypeStr.equalsIgnoreCase(AuthTypes.KERBEROS.getAuthName())) {
> if ((this.authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName()))
> ||
> (this.authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName()))
> ||
> (this.authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) ||
>
> (this.authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName()))) {
> try
> {
> serverTransportFactory.addServerDefinition("PLAIN",
> this.authTypeStr, null, new HashMap(), new
> PlainSaslHelper.PlainServerCallbackHandler(this.authTypeStr));
> }
> catch (AuthenticationException e)
> {
> throw new LoginException("Error setting callback handler" + e);
> }
> } else {
> throw new LoginException("Unsupported authentication type " +
> this.authTypeStr);
> }
> }
> transportFactory =
> this.saslServer.wrapTransportFactory(serverTransportFactory);
> }
> else
> {
> TTransportFactory transportFactory;
> if ((this.authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName()))
> ||
> (this.authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName())) ||
> (this.authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) ||
> (this.authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName())))
> {
> transportFactory =
> PlainSaslHelper.getPlainTransportFactory(this.authTypeStr);
> }
> else
> {
> TTransportFactory transportFactory;
> if
> (this.authTypeStr.equalsIgnoreCase(AuthTypes.NOSASL.getAuthName())) {
> transportFactory = new TTransportFactory();
> } else {
> throw new LoginException("Unsupported authentication type " +
> this.authTypeStr);
> }
> }
> }
> TTransportFactory transportFactory;
> return transportFactory;
> }
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
