[jira] [Updated] (HIVE-3807) Hive authorization should use short username when Kerberos authentication
[ https://issues.apache.org/jira/browse/HIVE-3807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thejas M Nair updated HIVE-3807: Fix Version/s: (was: 0.13.0) 0.12.0 Hive authorization should use short username when Kerberos authentication - Key: HIVE-3807 URL: https://issues.apache.org/jira/browse/HIVE-3807 Project: Hive Issue Type: Improvement Components: Authorization Affects Versions: 0.9.0, 0.10.0 Reporter: Kai Zheng Assignee: Kai Zheng Fix For: 0.12.0 Attachments: HIVE-3807.patch Currently when authentication method is Kerberos,Hive authorization uses user full name as privilege principal, for example, it uses j...@example.com instead of john. It should use the short name instead. The benefits: 1. Be consistent. Hadoop, HBase and etc they all use short name in related ACLs or authorizations. For Hive authorization works well with them, this should be. 2. Be convenient. It's very inconvenient to use the lengthy Kerberos principal name when grant or revoke privileges via Hive CLI. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Updated] (HIVE-3807) Hive authorization should use short username when Kerberos authentication
[ https://issues.apache.org/jira/browse/HIVE-3807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ashutosh Chauhan updated HIVE-3807: --- Fix Version/s: (was: 0.9.0) Affects Version/s: 0.10.0 Status: Open (was: Patch Available) Tests did pass. However this looks like an incompatible change. Isn't it? These names are stored in metastore. After the change shortName will be compared against long name for users for whom privileges have already been granted. Than check will fail and privileged user will not be allowed to do actions. Workaround will be to grant privileges to such users again with short names. Kai, can you run some tests to verify if the problem which I identified does exist and workaround will actually work. Hive authorization should use short username when Kerberos authentication - Key: HIVE-3807 URL: https://issues.apache.org/jira/browse/HIVE-3807 Project: Hive Issue Type: Improvement Components: Authorization Affects Versions: 0.9.0, 0.10.0 Reporter: Kai Zheng Assignee: Kai Zheng Attachments: HIVE-3807.patch Currently when authentication method is Kerberos,Hive authorization uses user full name as privilege principal, for example, it uses j...@example.com instead of john. It should use the short name instead. The benefits: 1. Be consistent. Hadoop, HBase and etc they all use short name in related ACLs or authorizations. For Hive authorization works well with them, this should be. 2. Be convenient. It's very inconvenient to use the lengthy Kerberos principal name when grant or revoke privileges via Hive CLI. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HIVE-3807) Hive authorization should use short username when Kerberos authentication
[ https://issues.apache.org/jira/browse/HIVE-3807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ashutosh Chauhan updated HIVE-3807: --- Assignee: Kai Zheng Hive authorization should use short username when Kerberos authentication - Key: HIVE-3807 URL: https://issues.apache.org/jira/browse/HIVE-3807 Project: Hive Issue Type: Improvement Components: Authorization Affects Versions: 0.9.0 Reporter: Kai Zheng Assignee: Kai Zheng Fix For: 0.9.0 Attachments: HIVE-3807.patch Currently when authentication method is Kerberos,Hive authorization uses user full name as privilege principal, for example, it uses j...@example.com instead of john. It should use the short name instead. The benefits: 1. Be consistent. Hadoop, HBase and etc they all use short name in related ACLs or authorizations. For Hive authorization works well with them, this should be. 2. Be convenient. It's very inconvenient to use the lengthy Kerberos principal name when grant or revoke privileges via Hive CLI. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HIVE-3807) Hive authorization should use short username when Kerberos authentication
[ https://issues.apache.org/jira/browse/HIVE-3807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kai Zheng updated HIVE-3807: Attachment: HIVE-3807.patch Hive authorization should use short username when Kerberos authentication - Key: HIVE-3807 URL: https://issues.apache.org/jira/browse/HIVE-3807 Project: Hive Issue Type: Improvement Components: Authorization Affects Versions: 0.9.0 Reporter: Kai Zheng Attachments: HIVE-3807.patch Currently when authentication method is Kerberos,Hive authorization uses user full name as privilege principal, for example, it uses j...@example.com instead of john. It should use the short name instead. The benefits: 1. Be consistent. Hadoop, HBase and etc they all use short name in related ACLs or authorizations. For Hive authorization works well with them, this should be. 2. Be convenient. It's very inconvenient to use the lengthy Kerberos principal name when grant or revoke privileges via Hive CLI. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HIVE-3807) Hive authorization should use short username when Kerberos authentication
[ https://issues.apache.org/jira/browse/HIVE-3807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kai Zheng updated HIVE-3807: Fix Version/s: 0.9.0 Status: Patch Available (was: Open) Simple fix. Thanks for review. Hive authorization should use short username when Kerberos authentication - Key: HIVE-3807 URL: https://issues.apache.org/jira/browse/HIVE-3807 Project: Hive Issue Type: Improvement Components: Authorization Affects Versions: 0.9.0 Reporter: Kai Zheng Fix For: 0.9.0 Attachments: HIVE-3807.patch Currently when authentication method is Kerberos,Hive authorization uses user full name as privilege principal, for example, it uses j...@example.com instead of john. It should use the short name instead. The benefits: 1. Be consistent. Hadoop, HBase and etc they all use short name in related ACLs or authorizations. For Hive authorization works well with them, this should be. 2. Be convenient. It's very inconvenient to use the lengthy Kerberos principal name when grant or revoke privileges via Hive CLI. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira