Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-6957

SQL authorization does not work with HS2 binary mode and Kerberos auth

    Details

      Description

      In HiveServer2, when Kerberos auth and binary transport modes are used, the user name that gets passed on to authorization is the long kerberos username.
      The username that is used in grant/revoke statements tend to be the short usernames.
      This also fails in authorizing statements that involve URI, as the authorization mode checks the file system permissions for given user. It does not recognize that the given long username actually owns the file or belongs to the group that owns the file.

        Attachments

        1. HIVE-6957.1.patch
          11 kB
          Thejas M Nair
        2. HIVE-6957.2.patch
          21 kB
          Thejas M Nair
        3. HIVE-6957.3.patch
          27 kB
          Thejas M Nair
        4. HIVE-6957.4.patch
          27 kB
          Thejas M Nair
        5. HIVE-6957.04-branch.0.13.patch
          1 kB
          Thejas M Nair

          Issue Links

            Activity

              People

              • Assignee:
                thejas Thejas M Nair
                Reporter:
                thejas Thejas M Nair
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: