[HIVE-6957] SQL authorization does not work with HS2 binary mode and Kerberos auth - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.13.0
Fix Version/s: 0.13.1, 0.14.0
Component/s: Authorization, HiveServer2
Labels:
None

Description

In HiveServer2, when Kerberos auth and binary transport modes are used, the user name that gets passed on to authorization is the long kerberos username.
The username that is used in grant/revoke statements tend to be the short usernames.
This also fails in authorizing statements that involve URI, as the authorization mode checks the file system permissions for given user. It does not recognize that the given long username actually owns the file or belongs to the group that owns the file.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-6957.04-branch.0.13.patch
25/Apr/14 17:33
1 kB
Thejas Nair
HIVE-6957.4.patch
25/Apr/14 00:34
27 kB
Thejas Nair
HIVE-6957.3.patch
24/Apr/14 23:19
27 kB
Thejas Nair
HIVE-6957.2.patch
24/Apr/14 22:15
21 kB
Thejas Nair
HIVE-6957.1.patch
22/Apr/14 21:26
11 kB
Thejas Nair

Issue Links

links to

review board

Activity

People

Assignee:: Thejas Nair

Reporter:: Thejas Nair

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Apr/14 21:24

Updated:: 09/Jun/14 06:39

Resolved:: 28/Apr/14 22:09