[jira] [Commented] (HIVE-22354) LLAP status driver may look for worker registration on 'unsecure' ZK nodes

Tue, 22 Oct 2019 10:38:09 -0700 


    [ 
https://issues.apache.org/jira/browse/HIVE-22354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16957236#comment-16957236
 ] 

Hive QA commented on HIVE-22354:
--------------------------------



Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12983718/HIVE-22354.0.patch

{color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified.

{color:green}SUCCESS:{color} +1 due to 17546 tests passed

Test results: 
https://builds.apache.org/job/PreCommit-HIVE-Build/19108/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/19108/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-19108/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12983718 - PreCommit-HIVE-Build

> LLAP status driver may look for worker registration on 'unsecure' ZK nodes
> --------------------------------------------------------------------------
>
>                 Key: HIVE-22354
>                 URL: https://issues.apache.org/jira/browse/HIVE-22354
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Ádám Szita
>            Assignee: Ádám Szita
>            Priority: Major
>         Attachments: HIVE-22354.0.patch
>
>
> HIVE-22195 introduced a change in determining secure/unsecure environments:
> {code:java}
> public static boolean isKerberosEnabled(Configuration conf) {
>   try {
>     return UserGroupInformation.getLoginUser().isFromKeytab() &&
>         HiveConf.getBoolVar(conf, 
> HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS);
>   } catch (IOException e) {
>     return false;
>   }
> } {code}
> This won't work for cases where the JVM process was started after kinit (e.g. 
> in a launcher shell script), where Kerberos authentication is not 
> 'fromKeytab' but rather 'fromTicket' - it will return false even if we have a 
> successfully authenticated principal.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to