hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergio Peña (JIRA) <j...@apache.org>
Subject [jira] [Commented] (HIVE-10115) HS2 running on a Kerberized cluster should offer Kerberos(GSSAPI) and Delegation token(DIGEST) when alternate authentication is enabled
Date Fri, 05 Feb 2016 17:06:39 GMT

    [ https://issues.apache.org/jira/browse/HIVE-10115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15134483#comment-15134483
] 

Sergio Peña commented on HIVE-10115:
------------------------------------

The JDBC spark tests that failed are not related to this patch. Seems that those tests are
flaky. I looked at other jobs, and there are other JDBC spark test classes that fail in the
same way.
I run this test in my machine and it works.

Another failed test, {{TestTxnCommands2}}, is not related to this patch either. It does not
touch anything from HS2 authentication, and the failure is due to a NullPointerException that
happens in getting transactions from the metastore.
I run this test in my machine and it works.

The other 2  tests failed in previous jobs as well.
I'll do a +1 to this patch.

[~xuefuz] Could you confirm that the Spark tests are not related?

> HS2 running on a Kerberized cluster should offer Kerberos(GSSAPI) and Delegation token(DIGEST)
when alternate authentication is enabled
> ---------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-10115
>                 URL: https://issues.apache.org/jira/browse/HIVE-10115
>             Project: Hive
>          Issue Type: Improvement
>          Components: Authentication
>    Affects Versions: 1.1.0
>            Reporter: Mubashir Kazia
>            Assignee: Mubashir Kazia
>              Labels: patch
>         Attachments: HIVE-10115.0.patch, HIVE-10115.2.patch
>
>
> In a Kerberized cluster when alternate authentication is enabled on HS2, it should also
accept Kerberos Authentication. The reason this is important is because when we enable LDAP
authentication HS2 stops accepting delegation token authentication. So we are forced to enter
username passwords in the oozie configuration.
> The whole idea of SASL is that multiple authentication mechanism can be offered. If we
disable Kerberos(GSSAPI) and delegation token (DIGEST) authentication when we enable LDAP
authentication, this defeats SASL purpose.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message