hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Yang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HIVE-17187) WebHCat SPNEGO support is incompleted
Date Thu, 27 Jul 2017 19:11:00 GMT
Eric Yang created HIVE-17187:
--------------------------------

             Summary: WebHCat SPNEGO support is incompleted
                 Key: HIVE-17187
                 URL: https://issues.apache.org/jira/browse/HIVE-17187
             Project: Hive
          Issue Type: Bug
          Components: WebHCat
    Affects Versions: 1.2.1
            Reporter: Eric Yang


[Some online document|https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.1/bk_security/content/spnego_setup_for_webhcat.html]
describes how to setup WebHCat with SPNEGO support.  However, there could be multiple services
use SPNEGO on the same host.  For example, HBase REST API can also setup to use HTTP principal
for SPNEGO support.  When HTTP principal is shared among other services, Hadoop proxy user
settings can not identify the origin of doAs call with HTTP principal, is invoked by HBase
REST API or WebHCat.  Ideally, WebHCat should keep track of its own service principal independent
of SPNEGO principal to ensure that SPNEGO principal is only given authentication access. 
SPNEGO principal should not be used in proxy user setting to grant authorization access.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message