hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roshan Naik (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-11089) Hive Streaming: connection fails when using a proxy user UGI
Date Wed, 05 Aug 2015 22:52:04 GMT

    [ https://issues.apache.org/jira/browse/HIVE-11089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14659125#comment-14659125
] 

Roshan Naik commented on HIVE-11089:
------------------------------------


- That 'proxyUser' string argument was a parameter to a private method prior to kerberos support.
it was never exposed externally and always set to null internally. At the time the thought
was to support proxying but it never got fully tested. So I think i pulled it from the public
interface very late in the dev cycle and did not reflect that in the wiki. I just updated
the wiki.

- With introduction of kerberos support, the internal 'proxyUser' was dropped, and UGI based
'authenticatedUser' argument  was exposed publicly ... in a new overload for newConnection().
So to acquire connection as a user other than process user, kerberos will be needed.

- Wiki has a secure/kerberos example at the bottom. that should work.  API reference is in
the Java Docs http://hive.apache.org/javadocs/r1.2.1/api/.   References to proxyUser in the
javadocs need to be fixed.

> Hive Streaming: connection fails when using a proxy user UGI
> ------------------------------------------------------------
>
>                 Key: HIVE-11089
>                 URL: https://issues.apache.org/jira/browse/HIVE-11089
>             Project: Hive
>          Issue Type: Bug
>          Components: HCatalog
>    Affects Versions: 0.14.0, 1.0.0, 1.2.0
>            Reporter: Adam Kunicki
>              Labels: ACID, Streaming
>
> HIVE-7508 "Add Kerberos Support" seems to also remove the ability to specify a proxy
user.
> HIVE-8427 adds a call to ugi.hasKerberosCredentials() to check whether the connection
is supposed to be a secure connection.
> This however breaks support for Proxy Users as a proxy user UGI will always return false
to hasKerberosCredentials().
> See lines 273, 274 of HiveEndPoint.java
> {code}
> this.secureMode = ugi==null ? false : ugi.hasKerberosCredentials();
> this.msClient = getMetaStoreClient(endPoint, conf, secureMode);
> {code}
> It also seems that between 13.1 and 0.14 the newConnection() method that includes a proxy
user has been removed.
> for reference: https://github.com/apache/hive/commit/8e423a12db47759196c24535fbc32236b79f464a



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message