hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashutosh Chauhan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-4670) Authentication module should pass the instance part of the Kerberos principle
Date Tue, 23 Jul 2013 15:14:48 GMT

    [ https://issues.apache.org/jira/browse/HIVE-4670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13716468#comment-13716468
] 

Ashutosh Chauhan commented on HIVE-4670:
----------------------------------------

Primary usecase for remote user variable is for audit logging. Isn't it useful to have realm
in there as well ?
                
> Authentication module should pass the instance part of the Kerberos principle
> -----------------------------------------------------------------------------
>
>                 Key: HIVE-4670
>                 URL: https://issues.apache.org/jira/browse/HIVE-4670
>             Project: Hive
>          Issue Type: Bug
>          Components: Authentication, HiveServer2
>    Affects Versions: 0.11.0
>            Reporter: Shreepadma Venugopalan
>            Assignee: Shreepadma Venugopalan
>         Attachments: HIVE-4670.2.patch, HIVE-4670.3.patch
>
>
> When Kerberos authentication is enabled for HiveServer2, the thrift SASL layer passes
instance@realm from the principal. It should instead strip the realm and pass just the instance
part of the principal.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message