[HAWQ-1485] Use user/password instead of credentials cache in Ranger lookup for HAWQ with Kerberos enabled. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.3.0.0-incubating
Component/s: Security
Labels:
None

Description

When used credentials cache:
Try error password in Ranger UI doesn't destroy the existed kerberos credentials (created by last success kinit command)
It's a strange behavior to user.

So we should use user/password for kerberos authentication.
Core logic:

        Properties props = new Properties();
        if (connectionProperties.containsKey(AUTHENTICATION) && connectionProperties.get(AUTHENTICATION).equals(KERBEROS)) {
            //kerberos mode
            props.setProperty("kerberosServerName", connectionProperties.get("principal"));
            props.setProperty("jaasApplicationName", "pgjdbc");
        }

        String url = String.format("jdbc:postgresql://%s:%s/%s", connectionProperties.get("hostname"), connectionProperties.get("port"), db);
        props.setProperty("user", connectionProperties.get("username"));
        props.setProperty("password", connectionProperties.get("password"));

        return DriverManager.getConnection(url, props);

Attachments

Issue Links

links to

GitHub Pull Request #1253

GitHub Pull Request #1256

Activity

People

Assignee:: Hongxu Ma

Reporter:: Hongxu Ma

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Jun/17 04:06

Updated:: 16/Jun/17 02:10

Resolved:: 16/Jun/17 02:10