hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vaibhav Gumashta" <vgumas...@hortonworks.com>
Subject Re: Review Request 20578: HIVE-6957 - SQL authorization does not work with HS2 binary mode and Kerberos auth
Date Fri, 25 Apr 2014 00:29:08 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/20578/#review41424
-----------------------------------------------------------

Ship it!


Ship It!

- Vaibhav Gumashta


On April 24, 2014, 11:21 p.m., Thejas Nair wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/20578/
> -----------------------------------------------------------
> 
> (Updated April 24, 2014, 11:21 p.m.)
> 
> 
> Review request for hive, Ashutosh Chauhan and Vaibhav Gumashta.
> 
> 
> Bugs: HIVE-6957
>     https://issues.apache.org/jira/browse/HIVE-6957
> 
> 
> Repository: hive-git
> 
> 
> Description
> -------
> 
> In HiveServer2, when Kerberos auth and binary transport modes are used, the user name
that gets passed on to authorization is the long kerberos username.
> The username that is used in grant/revoke statements tend to be the short usernames.
> This also fails in authorizing statements that involve URI, as the authorization mode
checks the file system permissions for given user. It does not recognize that the given long
username actually owns the file or belongs to the group that owns the file.
> 
> 
> Diffs
> -----
> 
>   itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/JdbcWithMiniKdcSQLAuth.java
PRE-CREATION 
>   itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/MiniHiveKdc.java f7ec93d

>   itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java
62bfa1e 
>   itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdcSQLAuthBinary.java
PRE-CREATION 
>   itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdcSQLAuthHttp.java
PRE-CREATION 
>   itests/hive-unit/src/main/java/org/apache/hive/jdbc/miniHS2/MiniHS2.java d08bfde 
>   itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestSSL.java 7b85b97 
>   shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
9e296de 
> 
> Diff: https://reviews.apache.org/r/20578/diff/
> 
> 
> Testing
> -------
> 
> Unit test included.
> 
> 
> Thanks,
> 
> Thejas Nair
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message