[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

Fri, 02 Dec 2011 16:06:03 -0800 

    [ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13161942#comment-13161942
 ] 

Ashutosh Chauhan commented on HIVE-2616:
----------------------------------------

Some design notes:

MetaStoreClient makes a (newly introduced) rpc immediately after opening the 
connection called set_ugi() which sends ugi information to server. On the 
server side this patch introduces new transport called TUGIContainingTransport. 
This transport simply wraps underlying TSocket transport and stores UGI with 
it. Patch also introduces new processor called TUGIBasedProcessor which extends 
ThriftHiveMetaStoreProcessor. It annotates underlying transport with ugi 
information when first call by metastore client is made. It then subsequently 
executes following rpc in context of the ugi. 

Implementation Notes: Requires some shims gymnastics to make it work with both 
20 and 20S shims because UserGroupInformation has changed significantly between 
two. 
                
> Passing user identity from metastore client to server in non-secure mode
> ------------------------------------------------------------------------
>
>                 Key: HIVE-2616
>                 URL: https://issues.apache.org/jira/browse/HIVE-2616
>             Project: Hive
>          Issue Type: Bug
>          Components: Metastore
>            Reporter: Ashutosh Chauhan
>            Assignee: Ashutosh Chauhan
>         Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch
>
>
> Currently in unsecure mode client don't pass on user identity. As a result 
> hdfs and other operations done by server gets executed by user running 
> metastore process instead of being done in context of client. This results in 
> problem as reported here: 
> http://mail-archives.apache.org/mod_mbox/hive-user/201111.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to