hive-dev mailing list archives

From "Pradeep Kamath (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HIVE-842) Authentication Infrastructure for Hive
Date Fri, 22 Oct 2010 20:52:25 GMT

    [ https://issues.apache.org/jira/browse/HIVE-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12924020#action_12924020 ]

Pradeep Kamath commented on HIVE-842:
-------------------------------------

I looked at the issue of the server requiring restarts with Devaraj Das who worked on Hadoop
security - he suggested a couple of changes (below) and that solved it - the server now does
not need a restart.
Apparently UserGroupInformation.loginUserFromKeytabAndReturnUGI() does not set the loginUser
member and UserGroupInformation.loginUserFromKeytab() does. He also suggested another change
with not caching the realUser - both these changes are below:

{noformat}

In the following code 
 private Server(String keytabFile, String principalConf)
 throws TTransportException {
 ...

         realUgi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(
           kerberosName, keytabFile);
         assert realUgi.isFromKeytab();

I had to change above lines to the lines below:

         UserGroupInformation.loginUserFromKeytab(
           kerberosName, keytabFile);
         realUgi = UserGroupInformation.getLoginUser();


Likewise in:

      public boolean process(final TProtocol inProt, final TProtocol outProt) throws TException {
        TTransport trans = inProt.getTransport();
        ...
        UserGroupInformation clientUgi = UserGroupInformation.createProxyUser(
          authId, realUgi);

I changed the above to:

  UserGroupInformation clientUgi = UserGroupInformation.createProxyUser(
               authId, UserGroupInformation.getLoginUser());

{noformat}

> Authentication Infrastructure for Hive
> --------------------------------------
>
>                 Key: HIVE-842
>                 URL: https://issues.apache.org/jira/browse/HIVE-842
>             Project: Hive
>          Issue Type: New Feature
>          Components: Server Infrastructure
>            Reporter: Edward Capriolo
>            Assignee: Todd Lipcon
>         Attachments: hive-842.txt, HiveSecurityThoughts.pdf
>
>
> This issue deals with the authentication (user name,password) infrastructure. Not the authorization components that specify what a user should be able to do.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

