----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/20578/#review41224 -----------------------------------------------------------
itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdcSQLAuth.java <https://reviews.apache.org/r/20578/#comment74663> Should we add another test when HiveServer2 is running in http mode (since username is set in a different way in binary/http mode)? shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java <https://reviews.apache.org/r/20578/#comment74659> I was thinking we should start adding more docs to the code in general to explain the intent. For example, we can add a little note here. shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java <https://reviews.apache.org/r/20578/#comment74660> Similar to above comment, we can add a note here to call out the intent. shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java <https://reviews.apache.org/r/20578/#comment74661> Should we log the short username at debug level? - Vaibhav Gumashta On April 22, 2014, 9:32 p.m., Thejas Nair wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/20578/ > ----------------------------------------------------------- > > (Updated April 22, 2014, 9:32 p.m.) > > > Review request for hive, Ashutosh Chauhan and Vaibhav Gumashta. > > > Bugs: HIVE-6957 > https://issues.apache.org/jira/browse/HIVE-6957 > > > Repository: hive-git > > > Description > ------- > > In HiveServer2, when Kerberos auth and binary transport modes are used, the > user name that gets passed on to authorization is the long kerberos username. > The username that is used in grant/revoke statements tend to be the short > usernames. > This also fails in authorizing statements that involve URI, as the > authorization mode checks the file system permissions for given user. It does > not recognize that the given long username actually owns the file or belongs > to the group that owns the file. > > > Diffs > ----- > > itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/MiniHiveKdc.java > f7ec93d > > itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java > 62bfa1e > > itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdcSQLAuth.java > PRE-CREATION > > shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java > 9e296de > > Diff: https://reviews.apache.org/r/20578/diff/ > > > Testing > ------- > > Unit test included. > > > Thanks, > > Thejas Nair > >
