ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <>
Subject [jira] [Commented] (AMBARI-20760) After pam setup- Hive View user home test fails
Date Mon, 01 May 2017 22:09:04 GMT


Hadoop QA commented on AMBARI-20760:

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment
  against trunk revision .

    {color:red}-1 patch{color}.  The patch command could not apply the patch.

Console output:

This message is automatically generated.

> After pam setup- Hive View user home test fails
> -----------------------------------------------
>                 Key: AMBARI-20760
>                 URL:
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: trunk
>            Reporter: Anita Gnanamalar Jebaraj
>            Assignee: Anita Gnanamalar Jebaraj
>         Attachments: AMBARI-20760-Branch2.5.patch, AMBARI-20760.patch, AMBARI-20760-updated.patch,
> After setting up PAM, tried to login as PAM user and access hive view, user home test
fails with the error as in screen shot.
> This issue was pointed out by [~hkropp] in the jira AMBARI-12263, but was not incorporated
in the code. Pasting the comment from Henning below.
> Something we noticed is that in a secured cluster we have issues with the views, getting
the following exception for the Hive view as an example:
> Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed
to validate proxy privilege of ambari for$1@34511119:33:32,

> .....
> sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege of ambari
> As you can see it tries to impersonte "$1@34511119:33:32".
Changing the UsernamePasswordAuthenticationToken from Principal to username fixes this.
> So instead of :
> UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(principal,
null, userAuthorities);
> We use:
> UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getUserName(),
null, userAuthorities);
> What could potential also work is, overriding toString of the principal like:
> Principal principal = new Principal() {
>                     @Override
>                     public String getName() {
>                         return user.getUserName();
>                     }
>                     @Override
>                     public String toString(){
>                         return user.getUserName().toString();
>                     }
>                 };
> We did not test this!
> As a little side note, I notices you are using String concatenation in your error logging
like this: LOG.error("Message"+ ex.getMessage()) I think the public void error(String msg,
Throwable t); interface would be preferable in such scenarios, so: LOG.error("Message", ex)

This message was sent by Atlassian JIRA

View raw message