[KNOX-2223] HS2 cookie not stored in HadoopAuthCookieStore - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.1.0, 1.2.0, 1.3.0
Fix Version/s: 1.4.0
Component/s: None
Labels:
None

Description

HadoopAuthCookieStore checks to see if the cookie corresponds to Knox after ~~KNOX-1341~~ and further improved in ~~KNOX-2026~~.

The HS2 cookie format doesn't match what Knox expects though. Knox expects the cookie to have the entire principal (knox/hostname@REALM.COM). HS2 generates the authentication cookie based on the short name just "knox".

https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java#L83

This causes a mismatch and Knox never stores the HS2 cookie. This results in repeated Knox Kerberos auth to HS2 which is a performance penalty.

Attachments

Issue Links

is caused by

KNOX-1341 Constrain cookies added to the HadoopAuthCookieStore

Closed

relates to

KNOX-2026 Accept Impala's authentication cookies

Resolved

links to

GitHub Pull Request #253

Activity

People

Assignee:: Kevin Risden

Reporter:: Kevin Risden

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 04/Feb/20 22:56

Updated:: 05/Feb/20 21:14

Resolved:: 05/Feb/20 21:14

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m