wypoon commented on issue #241: [LIVY-692][THRIFT] Use configured principal for Kerberos authentication URL: https://github.com/apache/incubator-livy/pull/241#issuecomment-539767924 By impersonation, do you mean that the Spark application Livy spawns (to run queries) is run as the user connecting to the Thrift server? I have a user kinit'd, let's say using principal testuser, who connects via beeline to the Thrift server; and the Spark application for the session runs as testuser. If this is what you mean, then impersonation is working. I tested my patch using both binary and http mode. In binary mode, everything works as I expect. In http mode, everything still works, except that on the server side, there are many exceptions logged, due to `Caused by: org.apache.hive.service.auth.HttpAuthenticationException: Authorization header received from the client is empty. ` but they do not cause any failure. I believe these exceptions are an unrelated issue. Without my patch, I am able to connect when using http mode (the same slew of exceptions about the empty authorization header also occur in the server log), but I am unable to connect when using binary mode, due to the error as described in JIRA. Thus I fail to see why you say the existing behavior is correct. This patch fixes the binary mode case, and as far as I can tell, does not break existing behavior. If you think the existing behavior is correct, and that the failure I experience in binary mode is due to some kind of misconfiguration or user error, I'd very much appreciate knowing what configuration I need to correct or what I am missing in my beeline command. Please comment in JIRA with the information.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services