Ádám Szita created HIVE-22354:
---------------------------------
Summary: LLAP status driver may look for worker registration on
'unsecure' ZK nodes
Key: HIVE-22354
URL: https://issues.apache.org/jira/browse/HIVE-22354
Project: Hive
Issue Type: Bug
Reporter: Ádám Szita
Assignee: Ádám Szita
HIVE-22195 introduced a change in determining secure/unsecure environments:
{code:java}
public static boolean isKerberosEnabled(Configuration conf) {
try {
return UserGroupInformation.getLoginUser().isFromKeytab() &&
HiveConf.getBoolVar(conf,
HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS);
} catch (IOException e) {
return false;
}
} {code}
This won't work for cases where the JVM process was started after kinit (e.g.
in a launcher shell script), where Kerberos authentication is not 'fromKeytab'
but rather 'fromTicket' - it will return false even if we have a successfully
authenticated principal.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
