Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-3807

Hive authorization should use short username when Kerberos authentication

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.9.0, 0.10.0
    • 0.12.0
    • Authorization
    • None

    Description

      Currently when authentication method is Kerberos,Hive authorization uses user full name as privilege principal, for example, it uses john@EXAMPLE.COM instead of john.

      It should use the short name instead. The benefits:
      1. Be consistent. Hadoop, HBase and etc they all use short name in related ACLs or authorizations. For Hive authorization works well with them, this should be.
      2. Be convenient. It's very inconvenient to use the lengthy Kerberos principal name when grant or revoke privileges via Hive CLI.

      Attachments

        1. HIVE-3807.patch
          1.0 kB
          Kai Zheng

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. HIVE-4413 Parse Exception : character '@' not supported while granting privileges to user in a Secure Cluster through hive client.

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              drankye Kai Zheng
              drankye Kai Zheng
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: