hive-issues mailing list archives

From "Josh Elser (JIRA)" <>
Subject [jira] [Commented] (HIVE-11010) Accumulo storage handler queries via HS2 fail
Date Mon, 15 Jun 2015 22:56:02 GMT


Josh Elser commented on HIVE-11010:

Thanks for filing this. Was doing some debugging with [~taksaito] with the AccumuloStorageHandler
-- loaded some data in both HBase and Accumulo, ran some Hive queries against both and found
that when we ran the Accumulo queries via hiveserver (but not in the local client) both the
queries would fail on the RPC handshakes. Short story, AccumuloStorageHandler queries with
Kerberos on don't work with HiveServer2.

I think what was happening is that the additions to the AccumuloStorageHandler in HIVE-10857
don't work as expected because HS2 is going to be running with its own Kerberos credentials.
I think we need to change how we set up the credentials inside of AccumuloStorageHandler so
that it will work regardless of a local hive client or hs2 -- running a doAs with a PROXY
instead of replacing the HS2 credentials.

The second half is that we'd need to make sure Accumulo itself is configured to allow HS2
to proxy on behalf of users -- not relevant for Hive code, but something to document for users
to set up in Accumulo.

> Accumulo storage handler queries via HS2 fail
> ---------------------------------------------
>                 Key: HIVE-11010
>                 URL:
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>    Affects Versions: 1.2.0, 1.2.1
>         Environment: Secure
>            Reporter: Takahiko Saito
>            Assignee: Josh Elser
>             Fix For: 1.2.1
> On Kerberized cluster, accumulo storage handler throws an error, "[username]@[principalname] is not allowed to impersonate [username]"

This message was sent by Atlassian JIRA
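
The proxy-user `doAs` pattern the comment refers to, as an added illustration using Hadoop's `UserGroupInformation` API; it is not code from the message or from Hive's AccumuloStorageHandler. The class name and the end user `alice` are constructed for the example, and it assumes `hadoop-common` is on the classpath.

```java
import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.security.UserGroupInformation;

/** Illustration only: the class name and the default user "alice" are constructed. */
public class ProxyDoAsExample {

    /** Summarise the identity that code running in this context presents. */
    static String describe(UserGroupInformation ugi) {
        UserGroupInformation real = ugi.getRealUser(); // null unless ugi is a proxy
        return "effective=" + ugi.getShortUserName()
            + " real=" + (real == null ? "(none)" : real.getShortUserName())
            + " auth=" + ugi.getAuthenticationMethod();
    }

    public static void main(String[] args) throws Exception {
        String endUser = args.length > 0 ? args[0] : "alice";

        // The service's own login (for HS2, its Kerberos principal). It is left untouched.
        UserGroupInformation service = UserGroupInformation.getLoginUser();

        // Proxy UGI: carries the end user's name but no credentials of its own.
        // The service's credentials authenticate the connection on the user's behalf.
        UserGroupInformation proxy = UserGroupInformation.createProxyUser(endUser, service);

        // Work inside doAs sees the proxy as the current user.
        String inside = proxy.doAs(
            (PrivilegedExceptionAction<String>) () ->
                describe(UserGroupInformation.getCurrentUser()));

        System.out.println("service : " + describe(service));
        System.out.println("in doAs : " + inside);
        // Outside doAs the process is back to its own login identity.
        System.out.println("after   : " + describe(UserGroupInformation.getCurrentUser()));
    }
}
```

The receiving service still decides whether the real user may act for the effective user; when that authorization is missing, the request is rejected with a "not allowed to impersonate" error like the one quoted in the issue description.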