hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashutosh Chauhan (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode
Date Sat, 03 Dec 2011 00:05:40 GMT

    [ https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13161942#comment-13161942
] 

Ashutosh Chauhan commented on HIVE-2616:
----------------------------------------

Some design notes:

MetaStoreClient makes a (newly introduced) rpc immediately after opening the connection called
set_ugi() which sends ugi information to server. On the server side this patch introduces
new transport called TUGIContainingTransport. This transport simply wraps underlying TSocket
transport and stores UGI with it. Patch also introduces new processor called TUGIBasedProcessor
which extends ThriftHiveMetaStoreProcessor. It annotates underlying transport with ugi information
when first call by metastore client is made. It then subsequently executes following rpc in
context of the ugi. 

Implementation Notes: Requires some shims gymnastics to make it work with both 20 and 20S
shims because UserGroupInformation has changed significantly between two. 
                
> Passing user identity from metastore client to server in non-secure mode
> ------------------------------------------------------------------------
>
>                 Key: HIVE-2616
>                 URL: https://issues.apache.org/jira/browse/HIVE-2616
>             Project: Hive
>          Issue Type: Bug
>          Components: Metastore
>            Reporter: Ashutosh Chauhan
>            Assignee: Ashutosh Chauhan
>         Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch
>
>
> Currently in unsecure mode client don't pass on user identity. As a result hdfs and other
operations done by server gets executed by user running metastore process instead of being
done in context of client. This results in problem as reported here: 
> http://mail-archives.apache.org/mod_mbox/hive-user/201111.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=APA@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message