Pierre Villard created NIFI-5714:
------------------------------------
Summary: Hive[3]ConnectionPool - Kerberos Authentication
issue/misleading
Key: NIFI-5714
URL: https://issues.apache.org/jira/browse/NIFI-5714
Project: Apache NiFi
Issue Type: Bug
Components: Extensions
Affects Versions: 1.7.1, 1.7.0, 1.6.0, 1.5.0, 1.4.0, 1.3.0, 1.0.1, 1.1.1,
1.2.0, 1.1.0
Reporter: Pierre Villard
Assignee: Pierre Villard
In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
method, we have:
{code:java}
log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
new Object[] {resolvedPrincipal, resolvedKeytab});
try {
ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
resolvedKeytab);
} catch (AuthenticationFailedException ae) {
log.error(ae.getMessage(), ae);
}
getLogger().info("Successfully logged in as principal {} with keytab {}", new
Object[] {resolvedPrincipal, resolvedKeytab});{code}
Which causes two issues:
* we're logging the successful message even though the authentication failed
* the Hive connection is created using the NiFi user identity (this would need
to be confirmed but that's what I observed during a test - it could be due to
the environment though)
In my opinion, an {{InitializationException}} should be thrown so that the
controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
