-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/20578/
-----------------------------------------------------------
Review request for hive, Ashutosh Chauhan and Vaibhav Gumashta.
Bugs: HIVE-6957
https://issues.apache.org/jira/browse/HIVE-6957
Repository: hive-git
Description
-------
In HiveServer2, when Kerberos auth and binary transport modes are used, the
user name that gets passed on to authorization is the long kerberos username.
The username that is used in grant/revoke statements tend to be the short
usernames.
This also fails in authorizing statements that involve URI, as the
authorization mode checks the file system permissions for given user. It does
not recognize that the given long username actually owns the file or belongs to
the group that owns the file.
Diffs
-----
itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/MiniHiveKdc.java
f7ec93d
itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java
62bfa1e
itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdcSQLAuth.java
PRE-CREATION
shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
9e296de
Diff: https://reviews.apache.org/r/20578/diff/
Testing
-------
Unit test included.
Thanks,
Thejas Nair
