Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-14984

Hive-WebUI access results in Request is a replay (34) attack

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.0
    • Fix Version/s: 2.2.0
    • Component/s: HiveServer2
    • Labels:
      None
    • Target Version/s:

      Description

      When trying to access kerberized webui of HS2, The following error is received
      GSSException: Failure unspecified at GSS-API level (Mechanism level: Request is a replay (34))

      While this is not happening for RM webui (checked if kerberos webui is enabled)

      To reproduce the issue

      Try running
      curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt http://<hostname>:10002/
      from any cluster nodes
      or
      Try accessing the URL from a VM with windows machine and firefox browser to replicate the issue

      The following workaround helped, but need a permanent solution for the bug

      Workaround:
      =========
      First access the index.html directly and then actual URL of webui

      curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt http://<hostname>:10002/index.html

      curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt http://<hostname>:10002

      In browser:

      First access
      http://<hostname>:10002/index.html
      then
      http://<hostname>:10002

        Attachments

        1. HIVE-14984.patch
          4 kB
          Barna Zsombor Klara

          Issue Links

            Activity

              People

              • Assignee:
                zsombor.klara Barna Zsombor Klara
                Reporter:
                Venkat Sambath Venkat Sambath
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: