hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rey Rey Chang (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-17207) Hiveserver2 fails to start when hive.server2.authentication is set to KERBEROS
Date Sat, 29 Jul 2017 12:52:00 GMT

     [ https://issues.apache.org/jira/browse/HIVE-17207?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rey Rey Chang updated HIVE-17207:
---------------------------------
    Description: 
The logic in getAuthTransFactory() is flawed, as it will always return "Unsupported authentication
type" error when authTypeStr is set to KERBEROS. 

inside HiveAuthFactory class.
  public TTransportFactory getAuthTransFactory()
    throws LoginException
  {
    TTransportFactory transportFactory;
    if (isSASLWithKerberizedHadoop())
    {
      try
      {
        serverTransportFactory = this.saslServer.createSaslServerTransportFactory(
          getSaslProperties());
      }
      catch (TTransportException e)
      {
        TSaslServerTransport.Factory serverTransportFactory;
        throw new LoginException(e.getMessage());
      }
      TSaslServerTransport.Factory serverTransportFactory;
      if (!this.authTypeStr.equalsIgnoreCase(AuthTypes.KERBEROS.getAuthName())) {
        if ((this.authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName())) || 
          (this.authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName())) || 
          (this.authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) || 
          (this.authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName()))) {
          try
          {
            serverTransportFactory.addServerDefinition("PLAIN", this.authTypeStr, null, new
HashMap(), new PlainSaslHelper.PlainServerCallbackHandler(this.authTypeStr));
          }
          catch (AuthenticationException e)
          {
            throw new LoginException("Error setting callback handler" + e);
          }
        } else {
          throw new LoginException("Unsupported authentication type " + this.authTypeStr);
        }
      }
      transportFactory = this.saslServer.wrapTransportFactory(serverTransportFactory);
    }
    else
    {
      TTransportFactory transportFactory;
      if ((this.authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName())) || 
        (this.authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName())) || 
        (this.authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) || 
        (this.authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName())))
      {
        transportFactory = PlainSaslHelper.getPlainTransportFactory(this.authTypeStr);
      }
      else
      {
        TTransportFactory transportFactory;
        if (this.authTypeStr.equalsIgnoreCase(AuthTypes.NOSASL.getAuthName())) {
          transportFactory = new TTransportFactory();
        } else {
          throw new LoginException("Unsupported authentication type " + this.authTypeStr);
        }
      }
    }
    TTransportFactory transportFactory;
    return transportFactory;
  }

  was:
The logic in getAuthTransFactory() is flawed, as it will always "Unsupported authentication
type" error when authTypeStr is set to KERBEROS. 

inside HiveAuthFactory class.
  public TTransportFactory getAuthTransFactory()
    throws LoginException
  {
    TTransportFactory transportFactory;
    if (isSASLWithKerberizedHadoop())
    {
      try
      {
        serverTransportFactory = this.saslServer.createSaslServerTransportFactory(
          getSaslProperties());
      }
      catch (TTransportException e)
      {
        TSaslServerTransport.Factory serverTransportFactory;
        throw new LoginException(e.getMessage());
      }
      TSaslServerTransport.Factory serverTransportFactory;
      if (!this.authTypeStr.equalsIgnoreCase(AuthTypes.KERBEROS.getAuthName())) {
        if ((this.authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName())) || 
          (this.authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName())) || 
          (this.authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) || 
          (this.authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName()))) {
          try
          {
            serverTransportFactory.addServerDefinition("PLAIN", this.authTypeStr, null, new
HashMap(), new PlainSaslHelper.PlainServerCallbackHandler(this.authTypeStr));
          }
          catch (AuthenticationException e)
          {
            throw new LoginException("Error setting callback handler" + e);
          }
        } else {
          throw new LoginException("Unsupported authentication type " + this.authTypeStr);
        }
      }
      transportFactory = this.saslServer.wrapTransportFactory(serverTransportFactory);
    }
    else
    {
      TTransportFactory transportFactory;
      if ((this.authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName())) || 
        (this.authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName())) || 
        (this.authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) || 
        (this.authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName())))
      {
        transportFactory = PlainSaslHelper.getPlainTransportFactory(this.authTypeStr);
      }
      else
      {
        TTransportFactory transportFactory;
        if (this.authTypeStr.equalsIgnoreCase(AuthTypes.NOSASL.getAuthName())) {
          transportFactory = new TTransportFactory();
        } else {
          throw new LoginException("Unsupported authentication type " + this.authTypeStr);
        }
      }
    }
    TTransportFactory transportFactory;
    return transportFactory;
  }


> Hiveserver2 fails to start when hive.server2.authentication is set to KERBEROS
> ------------------------------------------------------------------------------
>
>                 Key: HIVE-17207
>                 URL: https://issues.apache.org/jira/browse/HIVE-17207
>             Project: Hive
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: 2.2.0
>            Reporter: Rey Rey Chang
>
> The logic in getAuthTransFactory() is flawed, as it will always return "Unsupported authentication
type" error when authTypeStr is set to KERBEROS. 
> inside HiveAuthFactory class.
>   public TTransportFactory getAuthTransFactory()
>     throws LoginException
>   {
>     TTransportFactory transportFactory;
>     if (isSASLWithKerberizedHadoop())
>     {
>       try
>       {
>         serverTransportFactory = this.saslServer.createSaslServerTransportFactory(
>           getSaslProperties());
>       }
>       catch (TTransportException e)
>       {
>         TSaslServerTransport.Factory serverTransportFactory;
>         throw new LoginException(e.getMessage());
>       }
>       TSaslServerTransport.Factory serverTransportFactory;
>       if (!this.authTypeStr.equalsIgnoreCase(AuthTypes.KERBEROS.getAuthName())) {
>         if ((this.authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName())) || 
>           (this.authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName())) || 
>           (this.authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) || 
>           (this.authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName()))) {
>           try
>           {
>             serverTransportFactory.addServerDefinition("PLAIN", this.authTypeStr, null,
new HashMap(), new PlainSaslHelper.PlainServerCallbackHandler(this.authTypeStr));
>           }
>           catch (AuthenticationException e)
>           {
>             throw new LoginException("Error setting callback handler" + e);
>           }
>         } else {
>           throw new LoginException("Unsupported authentication type " + this.authTypeStr);
>         }
>       }
>       transportFactory = this.saslServer.wrapTransportFactory(serverTransportFactory);
>     }
>     else
>     {
>       TTransportFactory transportFactory;
>       if ((this.authTypeStr.equalsIgnoreCase(AuthTypes.NONE.getAuthName())) || 
>         (this.authTypeStr.equalsIgnoreCase(AuthTypes.LDAP.getAuthName())) || 
>         (this.authTypeStr.equalsIgnoreCase(AuthTypes.PAM.getAuthName())) || 
>         (this.authTypeStr.equalsIgnoreCase(AuthTypes.CUSTOM.getAuthName())))
>       {
>         transportFactory = PlainSaslHelper.getPlainTransportFactory(this.authTypeStr);
>       }
>       else
>       {
>         TTransportFactory transportFactory;
>         if (this.authTypeStr.equalsIgnoreCase(AuthTypes.NOSASL.getAuthName())) {
>           transportFactory = new TTransportFactory();
>         } else {
>           throw new LoginException("Unsupported authentication type " + this.authTypeStr);
>         }
>       }
>     }
>     TTransportFactory transportFactory;
>     return transportFactory;
>   }



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message