hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pradeep Kamath (JIRA)" <>
Subject [jira] Commented: (HIVE-842) Authentication Infrastructure for Hive
Date Fri, 22 Oct 2010 20:52:25 GMT


Pradeep Kamath commented on HIVE-842:

I looked at the issue of the server requiring restarts with Devaraj Das who worked on Hadoop
security - he suggested a couple of changes (below) and that solved it - the server now does
not need a restart.
Apparenlty UserGroupInformation.loginUserFromKeytabAndReturnUGI() does not set the loginUser
member and UserGroupInformation.loginUserFromKeytab() does. He also suggested another change
with not caching the realUser - both these changes are below:


In the following code 
 private Server(String keytabFile, String principalConf)
 TTransportException {

         realUgi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(
           kerberosName, keytabFile);
         assert realUgi.isFromKeytab();

I had to change above lines to the lines below:

           kerberosName, keytabFile);
         realUgi = UserGroupInformation.getLoginUser();

Likewise in:

      public boolean process(final TProtocol inProt, final TProtocol outProt) throws TException
        TTransport trans = inProt.getTransport();                                        
        UserGroupInformation clientUgi = UserGroupInformation.createProxyUser(           
          authId, realUgi);

I changed the above to:

  UserGroupInformation clientUgi = UserGroupInformation.createProxyUser(
               auhtId, UserGroupInformation.getLoginUser());


> Authentication Infrastructure for Hive
> --------------------------------------
>                 Key: HIVE-842
>                 URL:
>             Project: Hive
>          Issue Type: New Feature
>          Components: Server Infrastructure
>            Reporter: Edward Capriolo
>            Assignee: Todd Lipcon
>         Attachments: hive-842.txt, HiveSecurityThoughts.pdf
> This issue deals with the authentication (user name,password) infrastructure. Not the
authorization components that specify what a user should be able to do.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message