diff --git a/llap-client/src/java/org/apache/hadoop/hive/registry/impl/ZookeeperUtils.java b/llap-client/src/java/org/apache/hadoop/hive/registry/impl/ZookeeperUtils.java index 2ac0fbedbd1cfa9dadb07a1b6337195f3e68528d..be7657a5080b78df806994af8c492140384c3926 100644 --- a/llap-client/src/java/org/apache/hadoop/hive/registry/impl/ZookeeperUtils.java +++ b/llap-client/src/java/org/apache/hadoop/hive/registry/impl/ZookeeperUtils.java @@ -58,7 +58,7 @@ public static String setupZookeeperAuth(Configuration conf, String saslLoginCont */ public static boolean isKerberosEnabled(Configuration conf) { try { - return UserGroupInformation.getLoginUser().isFromKeytab() && + return UserGroupInformation.getLoginUser().hasKerberosCredentials() && HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS); } catch (IOException e) { return false; @@ -68,8 +68,8 @@ public static boolean isKerberosEnabled(Configuration conf) { /** * Dynamically sets up the JAAS configuration that uses kerberos. * - * @param principal - * @param keyTabFile + * @param zkPrincipal + * @param zkKeytab * @throws IOException */ private static String setZookeeperClientKerberosJaasConfig( diff --git a/llap-client/src/test/org/apache/hadoop/hive/registry/impl/TestZookeeperUtils.java b/llap-client/src/test/org/apache/hadoop/hive/registry/impl/TestZookeeperUtils.java index eb80cea9d892c62290915fb901d9b2b3922a2a04..46e74380c2409783ece8cbbcc010f0112c98d3b9 100644 --- a/llap-client/src/test/org/apache/hadoop/hive/registry/impl/TestZookeeperUtils.java +++ b/llap-client/src/test/org/apache/hadoop/hive/registry/impl/TestZookeeperUtils.java @@ -43,21 +43,30 @@ public void setup() { @Test public void testHadoopAuthKerberosAndZookeeperUseKerberos() { + Mockito.when(ugi.hasKerberosCredentials()).thenReturn(true); Mockito.when(ugi.isFromKeytab()).thenReturn(true); Assert.assertTrue(HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS)); Assert.assertTrue(ZookeeperUtils.isKerberosEnabled(conf)); } + @Test + public void testHadoopAuthKerberosFromTicketAndZookeeperUseKerberos() { + Mockito.when(ugi.hasKerberosCredentials()).thenReturn(true); + Mockito.when(ugi.isFromKeytab()).thenReturn(false); + Assert.assertTrue(HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS)); + Assert.assertTrue(ZookeeperUtils.isKerberosEnabled(conf)); + } + @Test public void testHadoopAuthKerberosAndZookeeperNoKerberos(){ - Mockito.when(ugi.isFromKeytab()).thenReturn(true); + Mockito.when(ugi.hasKerberosCredentials()).thenReturn(true); conf.setBoolean(HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS.varname, false); Assert.assertFalse(ZookeeperUtils.isKerberosEnabled(conf)); } @Test public void testHadoopAuthSimpleAndZookeeperKerberos(){ - Mockito.when(ugi.isFromKeytab()).thenReturn(false); + Mockito.when(ugi.hasKerberosCredentials()).thenReturn(false); conf.setBoolean(HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS.varname, false); Assert.assertFalse(ZookeeperUtils.isKerberosEnabled(conf)); } diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionState.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionState.java index baef0feacdb134ae668cb2ed6c00cdcd1ffe7f02..b4cdcb538deef9f2ff58c889b2a7b3d952e52344 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionState.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionState.java @@ -393,7 +393,12 @@ public TezClient call() throws Exception { } private boolean isKerberosEnabled(Configuration conf) { - return UserGroupInformation.isSecurityEnabled() && HiveConf.getBoolVar(conf, ConfVars.LLAP_USE_KERBEROS); + try { + return UserGroupInformation.getLoginUser().hasKerberosCredentials() && + HiveConf.getBoolVar(conf, ConfVars.LLAP_USE_KERBEROS); + } catch (IOException e) { + return false; + } } private static Token getLlapToken( diff --git a/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/ZooKeeperTokenStore.java b/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/ZooKeeperTokenStore.java index c9e85a6fc83030cd104e4aaa1aa373756489cc33..785fa02854099f959171dc6438775787ca36132b 100644 --- a/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/ZooKeeperTokenStore.java +++ b/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/ZooKeeperTokenStore.java @@ -95,7 +95,7 @@ private boolean isKerberosEnabled(Configuration conf) { try { - return UserGroupInformation.getLoginUser().isFromKeytab() && + return UserGroupInformation.getLoginUser().hasKerberosCredentials() && MetastoreConf.getBoolVar(conf, MetastoreConf.ConfVars.THRIFT_ZOOKEEPER_USE_KERBEROS); } catch (IOException e) { return false;