hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "HeeSoo Kim (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HIVE-10838) Allow Hive metastore client can use different hostname which has multiple hostnames when security is enable
Date Wed, 27 May 2015 22:24:17 GMT
HeeSoo Kim created HIVE-10838:
---------------------------------

             Summary: Allow Hive metastore client can use different hostname which has multiple
hostnames when security is enable
                 Key: HIVE-10838
                 URL: https://issues.apache.org/jira/browse/HIVE-10838
             Project: Hive
          Issue Type: Task
            Reporter: HeeSoo Kim
            Assignee: HeeSoo Kim


Currently if Hive metastore client (e.g. HS2, oozie) tries to connect the hive metastore to
when security is enabled, the Hive metastore client will fail to connect with an error like
the following:
{code}
2015-05-21 23:17:59,554 ERROR metadata.Hive (Hive.java:getDelegationToken(2638)) - MetaException(message:Unauthorized
connection for super-user: hiveserver/hiveserver-dpci.s3s.altiscale.com@TEST.ALTISCALE.COM
from IP 10.250.16.43)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result.read(ThriftHiveMetastore.java)
        at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_delegation_token(ThriftHiveMetastore.java:3293)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_delegation_token(ThriftHiveMetastore.java:3279)
        at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.getDelegationToken(HiveMetaStoreClient.java:1559)
{code}
This is the case when if Hive metastore client's default IP address is the different from
hostname of the Hive metastore client's kerberos principal. And the Hive metastore client
has multiple IP addresses.
We need to set the bind address when Hive metastore client tries to connect Hive metastore
based on hostname of Kerberos.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message