Return-Path: 
 <dev-return-14634-apmail-drill-dev-archive=drill.apache.org@drill.apache.org>
X-Original-To: apmail-drill-dev-archive@www.apache.org
Delivered-To: apmail-drill-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id F1F7618673
	for <apmail-drill-dev-archive@www.apache.org>;
 Sun, 28 Jun 2015 18:38:04 +0000 (UTC)
Received: (qmail 72752 invoked by uid 500); 28 Jun 2015 18:38:04 -0000
Delivered-To: apmail-drill-dev-archive@drill.apache.org
Received: (qmail 72697 invoked by uid 500); 28 Jun 2015 18:38:04 -0000
Mailing-List: contact dev-help@drill.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@drill.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@drill.apache.org>
List-Post: <mailto:dev@drill.apache.org>
List-Id: <dev.drill.apache.org>
Reply-To: dev@drill.apache.org
Delivered-To: mailing list dev@drill.apache.org
Received: (qmail 72654 invoked by uid 99); 28 Jun 2015 18:38:04 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 28 Jun 2015 18:38:04 +0000
Date: Sun, 28 Jun 2015 18:38:04 +0000 (UTC)
From: "Venki Korukanti (JIRA)" <jira@apache.org>
To: dev@drill.apache.org
Message-ID: <JIRA.12841197.1435516665000.39108.1435516684672@Atlassian.JIRA>
In-Reply-To: <JIRA.12841197.1435516665000@Atlassian.JIRA>
References: <JIRA.12841197.1435516665000@Atlassian.JIRA>
 <JIRA.12841197.1435516665907@arcas>
Subject: [jira] [Created] (DRILL-3413) Use DIGEST mechanism in creating Hive
 MetaStoreClient for proxy users when SASL authentication is enabled
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

Venki Korukanti created DRILL-3413:
--------------------------------------

             Summary: Use DIGEST mechanism in creating Hive MetaStoreClient for proxy users when SASL authentication is enabled
                 Key: DRILL-3413
                 URL: https://issues.apache.org/jira/browse/DRILL-3413
             Project: Apache Drill
          Issue Type: Bug
          Components: Storage - Hive
    Affects Versions: 1.1.0
            Reporter: Venki Korukanti
            Assignee: Venki Korukanti
             Fix For: 1.1.0


Currently we fail to create HiveMetaStoreClient for proxy users when SASL authentication is enabled between HiveMeaStore server and clients. We fail to create the client because when SASL (kerberos or vendor specific custom SASL implementations) is enabled some vendor specific versions of Hive only accept DIGEST as the authentication mechanism for proxy client.

To fix this issue:
1. Drillbit need to create a HiveMetaStoreClient with its credentials (these are directly credentials and not proxy)
2. Whenever Drillbit need to create a HiveMetaStoreClient for proxy user (user being impersonated), get the delegation token for proxy user from MetaStore server using the Drillbit process user HiveMetaStoreClient. Set this delegation token in a new HiveConf object and pass it to HiveMetaStoreClient.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)