[
https://issues.apache.org/jira/browse/HIVE-22354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16956897#comment-16956897
]
Ádám Szita commented on HIVE-22354:
-----------------------------------
[~dkuzmenko], [~pvary] let me know what you think please.
> LLAP status driver may look for worker registration on 'unsecure' ZK nodes
> --------------------------------------------------------------------------
>
> Key: HIVE-22354
> URL: https://issues.apache.org/jira/browse/HIVE-22354
> Project: Hive
> Issue Type: Bug
> Reporter: Ádám Szita
> Assignee: Ádám Szita
> Priority: Major
> Attachments: HIVE-22354.0.patch
>
>
> HIVE-22195 introduced a change in determining secure/unsecure environments:
> {code:java}
> public static boolean isKerberosEnabled(Configuration conf) {
> try {
> return UserGroupInformation.getLoginUser().isFromKeytab() &&
> HiveConf.getBoolVar(conf,
> HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS);
> } catch (IOException e) {
> return false;
> }
> } {code}
> This won't work for cases where the JVM process was started after kinit (e.g.
> in a launcher shell script), where Kerberos authentication is not
> 'fromKeytab' but rather 'fromTicket' - it will return false even if we have a
> successfully authenticated principal.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
