hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ádám Szita (Jira) <j...@apache.org>
Subject [jira] [Work started] (HIVE-22354) LLAP status driver may look for worker registration on 'unsecure' ZK nodes
Date Wed, 16 Oct 2019 08:20:00 GMT

     [ https://issues.apache.org/jira/browse/HIVE-22354?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Work on HIVE-22354 started by Ádám Szita.
-----------------------------------------
> LLAP status driver may look for worker registration on 'unsecure' ZK nodes
> --------------------------------------------------------------------------
>
>                 Key: HIVE-22354
>                 URL: https://issues.apache.org/jira/browse/HIVE-22354
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Ádám Szita
>            Assignee: Ádám Szita
>            Priority: Major
>
> HIVE-22195 introduced a change in determining secure/unsecure environments:
> {code:java}
> public static boolean isKerberosEnabled(Configuration conf) {
>   try {
>     return UserGroupInformation.getLoginUser().isFromKeytab() &&
>         HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS);
>   } catch (IOException e) {
>     return false;
>   }
> } {code}
> This won't work for cases where the JVM process was started after kinit (e.g. in a launcher
shell script), where Kerberos authentication is not 'fromKeytab' but rather 'fromTicket' -
it will return false even if we have a successfully authenticated principal.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message