The metastore is running as user "hive", and we are indeed running unsecured mode. Do i understand it correctly that in the thrift interface does provide a way to communicate the identity but in unsecured mode it is not being used? And does this mean that if i care about seeing the correct user execute the query in the logs, i have to use secure hadoop (with Kerberos)? Does secure mode suport hive JDBC? Thanks! Koert
On Tue, Sep 6, 2011 at 11:47 AM, Ashutosh Chauhan <hashut...@apache.org>wrote: > Hey Koert, > > I am assuming 'thrift' is the name of user through which thrift metastore > is running. I also assume you are running in unsecure mode. If you run with > security turned on, meaning secure hadoop cluster with secure thrift server, > you will see the name of the original user. This is so because in secure > mode, metastore server proxies the original user through doAs() which > preserves the identity which is not the case in unsecure mode. > Through hive client you see the usernames correctly even In unsecure mode > because its a hive client process (which is run as koert) which does the > filesystem operations. > > Hope it helps, > Ashutosh > > > On Tue, Sep 6, 2011 at 08:22, Koert Kuipers <ko...@tresata.com> wrote: > >> When i run a query from the hive command line client i can see that it is >> being run as me (for example, in HDFS log i see INFO >> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.audit: ugi=koert). >> >> But when i do anything with the thrift interface my username is lost (i >> see ugi=thrift in HDFS logs). Is there a way in the thrift interface to >> communicate/preserve the username? >> And if this is possible in thrift, then what about jdbc? i tried creating >> a jdbc connection with username and password passed in but as far as i can >> see it is ignored (ugi=thrift again in the HDFS logs). >> >> >
