[HIVE-14984] Hive-WebUI access results in Request is a replay (34) attack - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.2.0
Fix Version/s: 2.2.0
Component/s: HiveServer2
Labels:
None

Target Version/s:

2.2.0

Description

When trying to access kerberized webui of HS2, The following error is received
GSSException: Failure unspecified at GSS-API level (Mechanism level: Request is a replay (34))

While this is not happening for RM webui (checked if kerberos webui is enabled)

To reproduce the issue

Try running
curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt http://<hostname>:10002/
from any cluster nodes
or
Try accessing the URL from a VM with windows machine and firefox browser to replicate the issue

The following workaround helped, but need a permanent solution for the bug

Workaround:
=========
First access the index.html directly and then actual URL of webui

curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt http://<hostname>:10002/index.html

curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt http://<hostname>:10002

In browser:

First access
http://<hostname>:10002/index.html
then
http://<hostname>:10002

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

HIVE-14984.patch
25/Oct/16 10:01
4 kB
Barna Zsombor Klara

Issue Links

breaks

HIVE-15196 LLAP UI: HIVE-14984 broke LLAP UI

Closed

links to

Review Board

Activity

People

Assignee:

Barna Zsombor Klara

Reporter:

Venkat Sambath

Votes:

0 Vote for this issue

Watchers:

7 Start watching this issue

Dates

Created:

17/Oct/16 08:48

Updated:

26/Jul/17 00:03

Resolved:

08/Nov/16 13:34