[HIVE-15177] Authentication with hive fails when kerberos auth type is set to fromSubject and principal contains _HOST - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.0-alpha-1
Component/s: Authentication
Labels:
None

Description

Authentication with hive fails when kerberos auth type is set to fromSubject and principal contains _HOST.

When auth type is set to fromSubject, _HOST in principal is not resolved to the actual host name even though the correct host name is available. This leads to connection failure. If auth type is not set to fromSubject host resolution is done correctly.

The problem is in getKerberosTransport method of org.apache.hive.service.auth.KerberosSaslHelper class. When assumeSubject is true host name in the principal is not resolved. When it is false, host name is passed on to HadoopThriftAuthBridge, which takes care of resolving the parameter.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-15177.1.patch
24/Jun/19 21:08
2 kB
Oliver Draese
HIVE-15177.2.patch
25/Jun/19 15:51
2 kB
Oliver Draese

Activity

People

Assignee:: Oliver Draese

Reporter:: Subrahmanya

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 10/Nov/16 15:07

Updated:: 17/Nov/22 08:55

Resolved:: 27/Jun/19 23:21