hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hari Sekhon (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-9144) Beeline + Kerberos shouldn't prompt for unused username + password
Date Wed, 17 Dec 2014 14:41:14 GMT

     [ https://issues.apache.org/jira/browse/HIVE-9144?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Hari Sekhon updated HIVE-9144:
------------------------------
    Description: 
When using beeline to connect to a kerberized HiveServer2 it still prompts for a username
and password that aren't used. It should be changed to not prompt when using Kerberos:
{code}/opt/mapr/hive/hive-0.13/bin/beeline
Beeline version 0.13.0-mapr-1409 by Apache Hive
beeline> !connect jdbc:hive2://<host>:10000/default;principal=hive/<host>@REALM
scan complete in 6ms
Connecting to jdbc:hive2://<host>:10000/default;principal=hive/<host>@REALM
Enter username for jdbc:hive2://<host>:10000/default;principal=hive/<host>@REALM:
wronguser
Enter password for jdbc:hive2://<host>:10000/default;principal=hive/<host>@REALM:
<enter>
Connected to: Apache Hive (version 0.13.0-mapr-1409)
Driver: Hive JDBC (version 0.13.0-mapr-1409)
Transaction isolation: TRANSACTION_REPEATABLE_READ
{code}
Hive conf includes (as concisely shown by set):
{code}hive.server2.authentication = KERBEROS
hive.server2.enable.doAs = true
hive.server2.enable.impersonation = true
{code}
I can't see how to demonstrate in HQL session that I am not connected as "wronguser" (which
obviously doesn't exist either locally or as a Kerberos principal or account in my LDAP directory),
so I've raised another ticket for that HIVE-9143, but it should be clear given I specifed
a non-existent user and a completely blank password just hitting enter that it's not using
those credentials. Same happens with <enter>, <enter> for both username and password.

Regards,

Hari Sekhon
http://www.linkedin.com/in/harisekhon

  was:
When using beeline to connect to a kerberized HiveServer2 it still prompts for a username
and password that aren't used. It should be changed to not prompt when using Kerberos:
{code}/opt/mapr/hive/hive-0.13/bin/beeline
Beeline version 0.13.0-mapr-1409 by Apache Hive
beeline> !connect jdbc:hive2://<host>:10000/default;principal=hive/<host>@REALM
scan complete in 6ms
Connecting to jdbc:hive2://<host>:10000/default;principal=hive/<host>@REALM
Enter username for jdbc:hive2://lonsl1101975.uk.net.intra:10000/default;principal=hive/<host>@REALM:
wronguser
Enter password for jdbc:hive2://<host>:10000/default;principal=hive/<host>@REALM:
<enter>
Connected to: Apache Hive (version 0.13.0-mapr-1409)
Driver: Hive JDBC (version 0.13.0-mapr-1409)
Transaction isolation: TRANSACTION_REPEATABLE_READ
{code}
Hive conf includes (as concisely shown by set):
{code}hive.server2.authentication = KERBEROS
hive.server2.enable.doAs = true
hive.server2.enable.impersonation = true
{code}
I can't see how to demonstrate in HQL session that I am not connected as "wronguser" (which
obviously doesn't exist either locally or as a Kerberos principal or account in my LDAP directory),
so I've raised another ticket for that HIVE-9143, but it should be clear given I specifed
a non-existent user and a completely blank password just hitting enter that it's not using
those credentials. Same happens with <enter>, <enter> for both username and password.

Regards,

Hari Sekhon
http://www.linkedin.com/in/harisekhon


> Beeline + Kerberos shouldn't prompt for unused username + password
> ------------------------------------------------------------------
>
>                 Key: HIVE-9144
>                 URL: https://issues.apache.org/jira/browse/HIVE-9144
>             Project: Hive
>          Issue Type: Bug
>          Components: Beeline
>    Affects Versions: 0.13.0
>         Environment: Hive 0.13 on MapR 4.0.1
>            Reporter: Hari Sekhon
>            Priority: Minor
>
> When using beeline to connect to a kerberized HiveServer2 it still prompts for a username
and password that aren't used. It should be changed to not prompt when using Kerberos:
> {code}/opt/mapr/hive/hive-0.13/bin/beeline
> Beeline version 0.13.0-mapr-1409 by Apache Hive
> beeline> !connect jdbc:hive2://<host>:10000/default;principal=hive/<host>@REALM
> scan complete in 6ms
> Connecting to jdbc:hive2://<host>:10000/default;principal=hive/<host>@REALM
> Enter username for jdbc:hive2://<host>:10000/default;principal=hive/<host>@REALM:
wronguser
> Enter password for jdbc:hive2://<host>:10000/default;principal=hive/<host>@REALM:
<enter>
> Connected to: Apache Hive (version 0.13.0-mapr-1409)
> Driver: Hive JDBC (version 0.13.0-mapr-1409)
> Transaction isolation: TRANSACTION_REPEATABLE_READ
> {code}
> Hive conf includes (as concisely shown by set):
> {code}hive.server2.authentication = KERBEROS
> hive.server2.enable.doAs = true
> hive.server2.enable.impersonation = true
> {code}
> I can't see how to demonstrate in HQL session that I am not connected as "wronguser"
(which obviously doesn't exist either locally or as a Kerberos principal or account in my
LDAP directory), so I've raised another ticket for that HIVE-9143, but it should be clear
given I specifed a non-existent user and a completely blank password just hitting enter that
it's not using those credentials. Same happens with <enter>, <enter> for both
username and password.
> Regards,
> Hari Sekhon
> http://www.linkedin.com/in/harisekhon



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message