hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mohit Sabharwal (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HIVE-8916) Handle user@domain username under LDAP authentication
Date Wed, 19 Nov 2014 20:31:33 GMT
Mohit Sabharwal created HIVE-8916:
-------------------------------------

             Summary: Handle user@domain username under LDAP authentication
                 Key: HIVE-8916
                 URL: https://issues.apache.org/jira/browse/HIVE-8916
             Project: Hive
          Issue Type: Bug
          Components: Authentication
            Reporter: Mohit Sabharwal
            Assignee: Mohit Sabharwal


If LDAP is configured with multiple domains for authentication, users can be in different
domains.

Currently, LdapAuthenticationProviderImpl blindly appends the domain configured "hive.server2.authentication.ldap.Domain"
to the username, which limits user to that domain. However, under multi-domain authentication,
the username may already include the domain (ex:  user@domain.foo.com). We should not append
a domain if one is already present.

Also, if username already includes the domain, rest of Hive and authorization providers still
expects the "short name" ("user" and not "user@domain.foo.com") for looking up privilege rules,
etc.  As such, any domain info in the username should be stripped off.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message