[
https://issues.apache.org/jira/browse/HIVE-13391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15220165#comment-15220165
]
Siddharth Seth commented on HIVE-13391:
---------------------------------------
[~sershe] - I'm not sure the changes to MapRecordProcessor and the read path
are required either. I'll look at the UGI code to see what happens in case of
new threads being created etc. From what I remember, UGI context is not
transferred correctly in case of thread pools (or not updated when a new work
item is submitted to a threadpool). That, however, may not be an issue for us -
since there's a single UGI instance being used.
Do we want to retain the old functionality of sending tokens and running under
the ugi with tokens added ? LlapTaskCommunicator would need to be modified to
stop sending in some of the tokens (the session token is still required).
Using a single UGI for the entire daemon implies a single FileSystem instance
afaik. I wonder if this can cause performance issues - with the underlying DFS
client and IPC connections being shared. [~gopalv] - do you have any idea about
this ?
If this is the case, it should be possible to create a UGI per task (there's a
separate jira for a UGI pool - which would be ideal), which will have access to
the keytab.
Nit: Instead of calling this hdfsUgi - can we call it a kerberizedUgi or some
such ? It's not really tied to HDFS.
> add an option to LLAP to use keytab to authenticate to read data
> ----------------------------------------------------------------
>
> Key: HIVE-13391
> URL: https://issues.apache.org/jira/browse/HIVE-13391
> Project: Hive
> Issue Type: Bug
> Reporter: Sergey Shelukhin
> Assignee: Sergey Shelukhin
> Attachments: HIVE-13391.patch
>
>
> This can be used for non-doAs case to allow access to clients who don't
> propagate HDFS tokens.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
