hive-issues mailing list archives

From "Mubashir Kazia (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-10312) SASL.QOP in JDBC URL is ignored for Delegation token Authentication
Date Mon, 20 Apr 2015 14:49:58 GMT

    [ https://issues.apache.org/jira/browse/HIVE-10312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14502944#comment-14502944 ]

Mubashir Kazia commented on HIVE-10312:
---------------------------------------

[~aihuaxu] If you are going to use the Hive JDBC driver from any framework that relies on
Delegation tokens to authenticate to HS2 that has SASL.QOP set to anything other than "auth",
you'll have this issue. In my case it just happened to be Oozie. Yes, the driver would work
the same with or without Oozie. I have not seen any Hive docs that say that QOP should not
be set for DIGEST authentication mechanism. AFAIK Java supports QOP on DIGEST authentication
mechanism, see http://docs.oracle.com/javase/jndi/tutorial/ldap/security/sasl.html.

> SASL.QOP in JDBC URL is ignored for Delegation token Authentication
> -------------------------------------------------------------------
>
>                 Key: HIVE-10312
>                 URL: https://issues.apache.org/jira/browse/HIVE-10312
>             Project: Hive
>          Issue Type: Bug
>          Components: JDBC
>    Affects Versions: 1.2.0
>            Reporter: Mubashir Kazia
>             Fix For: 1.2.0
>
>         Attachments: HIVE-10312.1.patch
>
>
> When HS2 is configured for QOP other than auth (auth-int or auth-conf), Kerberos client
> connection works fine when the JDBC URL specifies the matching QOP, however when this HS2
> is accessed through Oozie (Delegation token / Digest authentication), connections fail because
> the JDBC driver ignores the SASL.QOP parameters in the JDBC URL. SASL.QOP setting should be
> valid for DIGEST Auth mech.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
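
The QOP mismatch described in this issue can be reproduced with the JDK's own DIGEST-MD5 SASL provider, with no HS2 involved; the following is an added example, not code from the message or from Hive. The class name, the protocol and server names ("hive", "default") and the credentials are assumptions made for the demo.

```java
import java.util.Collections;
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.sasl.*;

public class DigestQopDemo {
    // Constructed stand-ins for a delegation token identifier and its password.
    static final String USER = "token-id", SECRET = "token-password";

    // One handler serves both ends: supplies credentials and approves the authorization id.
    static final CallbackHandler HANDLER = callbacks -> {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(USER);
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword(SECRET.toCharArray());
            } else if (cb instanceof RealmCallback) {
                RealmCallback rc = (RealmCallback) cb;
                rc.setText(rc.getDefaultText());
            } else if (cb instanceof AuthorizeCallback) {
                AuthorizeCallback ac = (AuthorizeCallback) cb;
                ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
            }
        }
    };

    // Runs a full DIGEST-MD5 exchange in-process and reports the outcome.
    static String negotiate(String serverQop, String clientQop) {
        try {
            Map<String, String> sp = Collections.singletonMap(Sasl.QOP, serverQop);
            Map<String, String> cp = Collections.singletonMap(Sasl.QOP, clientQop);
            SaslServer server = Sasl.createSaslServer("DIGEST-MD5", "hive", "default", sp, HANDLER);
            SaslClient client = Sasl.createSaslClient(
                    new String[] {"DIGEST-MD5"}, null, "hive", "default", cp, HANDLER);
            byte[] challenge = server.evaluateResponse(new byte[0]);     // server offers its QOP list
            byte[] response = client.evaluateChallenge(challenge);       // client picks a common QOP or throws
            client.evaluateChallenge(server.evaluateResponse(response)); // client verifies the server's reply
            return "negotiated qop=" + client.getNegotiatedProperty(Sasl.QOP);
        } catch (SaslException e) {
            return "failed: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("server auth-conf, client auth-conf: " + negotiate("auth-conf", "auth-conf"));
        System.out.println("server auth-conf, client auth:      " + negotiate("auth-conf", "auth"));
    }
}
```

The second call models a client whose QOP setting was dropped and fell back to "auth": the exchange fails on the client side instead of silently proceeding without integrity or confidentiality protection.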
