hawq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hongxu Ma (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HAWQ-1485) Use user/password instead of credentials cache in Ranger lookup for HAWQ with Kerberos enabled.
Date Tue, 13 Jun 2017 04:07:01 GMT
Hongxu Ma created HAWQ-1485:
-------------------------------

             Summary: Use user/password instead of credentials cache in Ranger lookup for
HAWQ with Kerberos enabled.
                 Key: HAWQ-1485
                 URL: https://issues.apache.org/jira/browse/HAWQ-1485
             Project: Apache HAWQ
          Issue Type: Sub-task
          Components: Security
            Reporter: Hongxu Ma
            Assignee: Radar Lei
             Fix For: 2.3.0.0-incubating


When used credentials cache:
Try error password in Ranger UI doesn't destroy the existed kerberos credentials (created
by last success kinit command)
It's a strange behavior to user.

So we should use user/password for kerberos authentication.
Core logic:
{code}
        Properties props = new Properties();
        if (connectionProperties.containsKey(AUTHENTICATION) && connectionProperties.get(AUTHENTICATION).equals(KERBEROS))
{
            //kerberos mode
            props.setProperty("kerberosServerName", connectionProperties.get("principal"));
            props.setProperty("jaasApplicationName", "pgjdbc");
        }

        String url = String.format("jdbc:postgresql://%s:%s/%s", connectionProperties.get("hostname"),
connectionProperties.get("port"), db);
        props.setProperty("user", connectionProperties.get("username"));
        props.setProperty("password", connectionProperties.get("password"));

        return DriverManager.getConnection(url, props);
{code}




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message