----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/19599/#review38572 -----------------------------------------------------------
conf/hive-default.xml.template <https://reviews.apache.org/r/19599/#comment70846> Can you make the description a little more elaborate? Something like - "SPNego service principal that would be used by hiveserver2 when kerberos security is enabled and HTTP transport mode is used. It needs to be set only if SPNEGO is to be used in authentication. Typical value would look like HTTP/_h...@example.com" conf/hive-default.xml.template <https://reviews.apache.org/r/19599/#comment70847> Can you also make this a little more descriptive like suggested for previous param ? - Thejas Nair On March 26, 2014, 1:18 a.m., dilli dorai wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/19599/ > ----------------------------------------------------------- > > (Updated March 26, 2014, 1:18 a.m.) > > > Review request for hive, Ashutosh Chauhan, Thejas Nair, and Vaibhav Gumashta. > > > Bugs: HIVE-6697 > https://issues.apache.org/jira/browse/HIVE-6697 > > > Repository: hive-git > > > Description > ------- > > See JIra for description > https://issues.apache.org/jira/browse/HIVE-6697 > > > Diffs > ----- > > common/src/java/org/apache/hadoop/hive/conf/HiveConf.java affcbb4 > conf/hive-default.xml.template 3c3df43 > service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java 6e6a47d > service/src/java/org/apache/hive/service/cli/CLIService.java e31a74e > > service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpCLIService.java > cb01cfd > service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java > 255a165 > shims/0.20/src/main/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java > 9aa555a > > shims/common-secure/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java > d4cddda > shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java > ed951f1 > > Diff: https://reviews.apache.org/r/19599/diff/ > > > Testing > ------- > > ## Verification of enhancement with Beeline/JDBC > > ### Verified the following calls succeeded getting connection, and listig > tables, > when valid spnego.principal and spengo.keytab are specified in hive-site.xml, > and the client has KINITed and has a valid kerberos ticket in cache > > > !connect > jdbc:hive2://hdps.example.com:10001/default;principal=hive/hdps.example....@example.com?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice > dummy dummy-pass org.apache.hive.jdbc.HiveDriver > > > !connect > jdbc:hive2://hdps.example.com:10001/default;principal=HTTP/hdps.example....@example.com?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice > dummy dummy-pass org.apache.hive.jdbc.HiveDriver > > ### Verified the following call succeeded getting connection, and listig > tables, > even if valid spnego.principal or valid spengo.keytab is not specified in > hive-site.xml, > as long as valid hive server2 kerberos principal and keytab are specified in > hive-site.xml, > and the client has KINITed and has a valid kerberos ticket in cache > > !connect > jdbc:hive2://hdps.example.com:10001/default;principal=hive/hdps.example....@example.com?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice > dummy dummy-pass org.apache.hive.jdbc.HiveDriver > > ### Verified the following call failed getting connection, > when valid spnego.principal or valid spengo.keytab is not specified in > hive-site.xml > > !connect > jdbc:hive2://hdps.example.com:10001/default;principal=HTTP/hdps.example....@example.com?hive.server2.transport.mode=http;hive.server2.thrift.http.path=cliservice > dummy dummy-pass org.apache.hive.jdbc.HiveDriver > > ## Verification of enhancement with Apache Knox > > Apache Knox was able to authenticate to hive server 2 as SPNego client using > Apache HttpClient, > and list tables, when correct spnego.principal and spengo.keytab are > specified in hive-site.xml > > Apache Knox was not able to authenticate to hive server 2 as SPNego client > using Apache HttpClient, > when valid spnego.principal or spengo.keytab is not specified in hive-site.xml > > ## Verification of enhancement with curl > > ### when valid spnego.principal and spengo.keytab are specified in > hive-site.xml > and the client has KINITed and has a valid kerberos ticket in cache > > curl -i --negotiate -u : http://hdps.example.com:10001/cliservice > > SPNego authentication succeeded and got a HTTP status code 500, > since we did not end Thrift body content > > ### when valid spnego.principal and spengo.keytab are specified in > hive-site.xml > and the client has not KINITed and does not have a valid kerberos ticket in > cache > > curl -i --negotiate -u : http://hdps.example.com:10001/cliservice > > url -i --negotiate -u : http://hdps.example.com:10001/cliservice > HTTP/1.1 401 Unauthorized > WWW-Authenticate: Negotiate > Content-Type: application/x-thrift;charset=ISO-8859-1 > Content-Length: 69 > Server: Jetty(7.6.0.v20120127) > > Authentication Error: java.lang.reflect.UndeclaredThrowableException > > > Thanks, > > dilli dorai > >
