hadoop-hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pradeep Kamath (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HIVE-842) Authentication Infrastructure for Hive
Date Wed, 06 Oct 2010 21:09:35 GMT

    [ https://issues.apache.org/jira/browse/HIVE-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12918689#action_12918689
] 

Pradeep Kamath commented on HIVE-842:
-------------------------------------

Hey Todd, I did the changes you mentioned and got it to compile. While trying to test it out
I had to run the metastore as user whose keytab file only had a "user" principal and not a
"service" principal - so I hacked the code in the patch a little to not check if the principal
had the service/host@realm structure and I hardcoded the host name into the calls. With all
these machinations I got the server to run and tried running "show tables" and got the following
with loglevel DEBUG (on the client side):

javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials
provided (Mechanism level: Fail to create credential. (63) - No service creds)]
        at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:194)
        at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:95)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:254)
        at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:38)

Do you think this is because I don't have a "service" principal in the keytab used by the
metastore? 

> Authentication Infrastructure for Hive
> --------------------------------------
>
>                 Key: HIVE-842
>                 URL: https://issues.apache.org/jira/browse/HIVE-842
>             Project: Hadoop Hive
>          Issue Type: New Feature
>          Components: Server Infrastructure
>            Reporter: Edward Capriolo
>            Assignee: Todd Lipcon
>         Attachments: hive-842.txt, HiveSecurityThoughts.pdf
>
>
> This issue deals with the authentication (user name,password) infrastructure. Not the
authorization components that specify what a user should be able to do.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message