hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thejas M Nair (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-6957) SQL authorization does not work with HS2 binary mode and Kerberos auth
Date Mon, 28 Apr 2014 22:11:15 GMT

     [ https://issues.apache.org/jira/browse/HIVE-6957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Thejas M Nair updated HIVE-6957:
--------------------------------

       Resolution: Fixed
    Fix Version/s: 0.14.0
           Status: Resolved  (was: Patch Available)

Patch committed to trunk. Thanks for the review Vaibhav!


> SQL authorization does not work with HS2 binary mode and Kerberos auth
> ----------------------------------------------------------------------
>
>                 Key: HIVE-6957
>                 URL: https://issues.apache.org/jira/browse/HIVE-6957
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization, HiveServer2
>    Affects Versions: 0.13.0
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>             Fix For: 0.14.0
>
>         Attachments: HIVE-6957.04-branch.0.13.patch, HIVE-6957.1.patch, HIVE-6957.2.patch,
HIVE-6957.3.patch, HIVE-6957.4.patch
>
>
> In HiveServer2, when Kerberos auth and binary transport modes are used, the user name
that gets passed on to authorization is the long kerberos username.
> The username that is used in grant/revoke statements tend to be the short usernames.
> This also fails in authorizing statements that involve URI, as the authorization mode
checks the file system permissions for given user. It does not recognize that the given long
username actually owns the file or belongs to the group that owns the file.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message