hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Siddharth Seth (JIRA)" <>
Subject [jira] [Commented] (HIVE-13391) add an option to LLAP to use keytab to authenticate to read data
Date Thu, 31 Mar 2016 16:38:25 GMT


Siddharth Seth commented on HIVE-13391:

[~sershe] - I'm not sure the changes to MapRecordProcessor and the read path are required
either. I'll look at the UGI code to see what happens in case of new threads being created
etc. From what I remember, UGI context is not transferred correctly in case of thread pools
(or not updated when a new work item is submitted to a threadpool). That, however, may not
be an issue for us - since there's a single UGI instance being used.

Do we want to retain the old functionality of sending tokens and running under the ugi with
tokens added ? LlapTaskCommunicator would need to be modified to stop sending in some of the
tokens (the session token is still required).
Using a single UGI for the entire daemon implies a single FileSystem instance afaik. I wonder
if this can cause performance issues - with the underlying DFS client and IPC connections
being shared. [~gopalv] - do you have any idea about this ?
If this is the case, it should be possible to create a UGI per task (there's a separate jira
for a UGI pool - which would be ideal), which will have access to the keytab.

Nit: Instead of calling this hdfsUgi - can we call it a kerberizedUgi or some such ? It's
not really tied to HDFS.

> add an option to LLAP to use keytab to authenticate to read data
> ----------------------------------------------------------------
>                 Key: HIVE-13391
>                 URL:
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Sergey Shelukhin
>            Assignee: Sergey Shelukhin
>         Attachments: HIVE-13391.patch
> This can be used for non-doAs case to allow access to clients who don't propagate HDFS

This message was sent by Atlassian JIRA

View raw message