[
https://issues.apache.org/jira/browse/HIVE-6799?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13956085#comment-13956085
]
Vaibhav Gumashta commented on HIVE-6799:
----------------------------------------
[~darumugam] I think this mapping is missing in case the user authenticating to
HiveServer2 is a service with principal of the form: serviceName/h...@realm.com
- right (which typically means a middleware server)?
> HiveServer2 needs to map kerberos name to local name before proxy check
> -----------------------------------------------------------------------
>
> Key: HIVE-6799
> URL: https://issues.apache.org/jira/browse/HIVE-6799
> Project: Hive
> Issue Type: Improvement
> Components: HiveServer2
> Reporter: Dilli Arumugam
> Assignee: Dilli Arumugam
>
> HiveServer2 does not map kerberos name of authenticated principal to local
> name.
> Due to this, I get error like the following in HiveServer log:
> Failed to validate proxy privilage of knox/hdps.example.com for sam
> I have KINITED as knox/hdps.example....@example.com
> I do have the following in core-site.xml
> <property>
> <name>hadoop.proxyuser.knox.groups</name>
> <value>users</value>
> </property>
> <property>
> <name>hadoop.proxyuser.knox.hosts</name>
> <value>*</value>
> </property>
--
This message was sent by Atlassian JIRA
(v6.2#6252)
