Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-13590

Kerberized HS2 with LDAP auth enabled fails in multi-domain LDAP case

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 2.1.1, 2.2.0
    • Authentication, Security
    • None

    Description

      In a kerberized HS2 with LDAP authentication enabled, LDAP user usually logs in using username in form of username@domain in LDAP multi-domain case. But it fails if the domain was not in the Hadoop auth_to_local mapping rule, the error is as following:

      Caused by: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to ctang@mydomain.com
      at org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:389)
      at org.apache.hadoop.security.User.<init>(User.java:48)
      

      Attachments

        1. HIVE-13590.patch
          12 kB
          Chaoyu Tang
        2. HIVE-13590.patch
          12 kB
          Chaoyu Tang
        3. HIVE-13590.1.patch
          11 kB
          Chaoyu Tang
        4. HIVE-13590.1.patch
          11 kB
          Chaoyu Tang

        Issue Links

          Activity

            People

              ctang Chaoyu Tang
              ctang Chaoyu Tang
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: