hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shreepadma Venugopalan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-4670) Authentication module should pass the instance part of the Kerberos principle
Date Tue, 24 Sep 2013 20:31:07 GMT

    [ https://issues.apache.org/jira/browse/HIVE-4670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13776709#comment-13776709
] 

Shreepadma Venugopalan commented on HIVE-4670:
----------------------------------------------

Apologies for not responding sooner. We need this for integrating Sentry with Hive. Users
of Sentry prefer to mention the username without the realm when grating privileges.
                
> Authentication module should pass the instance part of the Kerberos principle
> -----------------------------------------------------------------------------
>
>                 Key: HIVE-4670
>                 URL: https://issues.apache.org/jira/browse/HIVE-4670
>             Project: Hive
>          Issue Type: Bug
>          Components: Authentication, HiveServer2
>    Affects Versions: 0.11.0
>            Reporter: Shreepadma Venugopalan
>            Assignee: Shreepadma Venugopalan
>         Attachments: HIVE-4670.2.patch, HIVE-4670.3.patch
>
>
> When Kerberos authentication is enabled for HiveServer2, the thrift SASL layer passes
instance@realm from the principal. It should instead strip the realm and pass just the instance
part of the principal.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message