Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-13590

Kerberized HS2 with LDAP auth enabled fails in multi-domain LDAP case

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.1.1, 2.2.0
    • Component/s: Authentication, Security
    • Labels:
      None

      Description

      In a kerberized HS2 with LDAP authentication enabled, LDAP user usually logs in using username in form of username@domain in LDAP multi-domain case. But it fails if the domain was not in the Hadoop auth_to_local mapping rule, the error is as following:

      Caused by: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to ctang@mydomain.com
      at org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:389)
      at org.apache.hadoop.security.User.<init>(User.java:48)
      

        Attachments

        1. HIVE-13590.patch
          12 kB
          Chaoyu Tang
        2. HIVE-13590.patch
          12 kB
          Chaoyu Tang
        3. HIVE-13590.1.patch
          11 kB
          Chaoyu Tang
        4. HIVE-13590.1.patch
          11 kB
          Chaoyu Tang

          Issue Links

            Activity

              People

              • Assignee:
                ctang Chaoyu Tang
                Reporter:
                ctang Chaoyu Tang
              • Votes:
                0 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: