[ https://issues.apache.org/jira/browse/HIVE-16708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16271619#comment-16271619 ]

Vihang Karajgaonkar commented on HIVE-16708:
--------------------------------------------

Implementation Note for future reference: 

UserGroupInformation.getCurrentUser().getShortUserName() uses 
HadoopKerberosName.getShortName() so it should evaluate the shortname using the 
{{hadoop.security.auth_to_local}} rules when and if it's configured for HS2 or 
HMS.

Patch committed to master and branch-2. Thanks for the review [~aihuaxu]

> Exception while renewing a Delegation Token
> -------------------------------------------
>
>                 Key: HIVE-16708
>                 URL: https://issues.apache.org/jira/browse/HIVE-16708
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Manikumar
>            Assignee: Vihang Karajgaonkar
>         Attachments: HIVE-16708.01-branch-2.patch, HIVE-16708.02.patch, 
> HIVE-16708.03.patch
>
>
> I am adding support to Storm Hive Bolt to access Hive meta-store using 
> delegation tokens. I am able to create and cancel delegation tokens using 
> HCatClient. I am getting the below exception while renewing a delegation token.
> Exception:
> org.apache.hive.hcatalog.common.HCatException: 
> org.apache.hive.hcatalog.common.HCatException : 9001 : Exception occurred 
> while processing HCat request : MetaException while renewing delegation 
> token.. Cause : MetaException(message:hive/test.cluster....@example.com tries 
> to renew a token with renewer hive)
>       at 
> org.apache.hive.hcatalog.api.HCatClientHMSImpl.renewDelegationToken(HCatClientHMSImpl.java:643)
>  ~[hive-webhcat-java-client-0.14.0.jar:0.14.0]
>       
> Hadoop's AbstractDelegationTokenIdentifier sets the renewer to Kerberos short 
> name but HCatClient.renewDelegationToken uses the fullName. This causes the 
> renewal to fail.
> Relevant parts of code: 
> https://github.com/apache/hive/blob/master/shims/common/src/main/java/org/apache/hadoop/hive/thrift/DelegationTokenSecretManager.java#L96
> https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java#L105
> Let me know if I am missing something. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
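
The mismatch described in this issue, as an added example that is not Hive or Hadoop source code: a self-contained model in which the renewer is stored as a Kerberos short name at issue time and renewal compares it with the caller's name. The class, the method names, the principal and the realm are hypothetical, and `shortName` is a simplified stand-in for the `hadoop.security.auth_to_local` DEFAULT rule.

```java
import java.util.HashMap;
import java.util.Map;

// Added model of the renewer check; not the project's implementation.
public class RenewerShortNameDemo {
    // Simplified stand-in for the auth_to_local DEFAULT rule (assumption):
    // keep only the first component when the realm is the local realm.
    static String shortName(String principal, String localRealm) {
        int at = principal.indexOf('@');
        if (at < 0) return principal; // already a short name
        if (!principal.substring(at + 1).equals(localRealm))
            throw new IllegalArgumentException("No rules applied to " + principal);
        String name = principal.substring(0, at);
        int slash = name.indexOf('/');
        return slash < 0 ? name : name.substring(0, slash);
    }

    // Token id -> renewer recorded when the token was issued.
    static final Map<String, String> RENEWER_BY_TOKEN = new HashMap<>();

    // Issue time: the renewer is stored as a short name, as the report describes.
    static void issue(String tokenId, String renewerPrincipal, String localRealm) {
        RENEWER_BY_TOKEN.put(tokenId, shortName(renewerPrincipal, localRealm));
    }

    // Renew time: the caller's name must equal the stored renewer exactly.
    static boolean renew(String tokenId, String callerName) {
        String renewer = RENEWER_BY_TOKEN.get(tokenId);
        if (renewer == null) return false; // unknown token
        if (!renewer.equals(callerName)) {
            System.out.println(callerName + " tries to renew a token with renewer " + renewer);
            return false;
        }
        return true;
    }

    public static void main(String[] args) {
        String realm = "EXAMPLE.COM";                      // constructed realm
        String caller = "hive/hs2.internal@EXAMPLE.COM";   // constructed principal
        issue("token-1", caller, realm);

        // Full principal passed as the caller: rejected, as in the reported exception.
        System.out.println("full name renews:  " + renew("token-1", caller));
        // Short name passed as the caller: matches the stored renewer.
        System.out.println("short name renews: " + renew("token-1", shortName(caller, realm)));
    }
}
```

The renewal succeeds only when both sides of the comparison are mapped by the same rules, which is why the short name depends on the `auth_to_local` configuration of the server doing the check.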
