[HUE-770] [beeswax] Improve secured cluster configuration experience - Cloudera Open Source

Details

Type: Improvement
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.0.1
Fix Version/s: 2.2.0
Component/s: con.hive
Labels:
None

Target Version:

2.2.0

Description

https://github.com/cloudera/hue/issues/12

hive query uses default principal hue/localhost@<REALM> in secure cluster

I configured CDH4 with kerberos and my hive queries failed until I added beeswax_server_host value and tweaked beeswax/db_utils.py to support my non-standard hue principal name (needed to comply with my company's kerberos naming conventions).

I didn't discover the beeswax_server_host configuration option until digging through code. Since the default of localhost isn't great for a secured cluster I'd request that the beeswax_server_host configuration option be added in the Beeswax section with some comment that it might be needed for secure clusters. Further, the call thrift_util.get_client in beeswax/src/beeswax/db_utils.py uses a hardcoded kerberos_principal value which doesn't accommodate kerberos configurations which need to make use of kerberos principal to short name mapping such as is possible through "hadoop.security.auth_to_local".

Attachments

Issue Links

is duplicated by

HUE-953 [beeswax] Hue security setup may be limited to using the "hue" principal short name

Resolved

Activity

People

Assignee:

Romain Rigaux

Reporter:

Romain Rigaux

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

10/Jul/12 6:06 PM

Updated:

09/May/16 7:52 PM

Resolved:

12/Dec/12 9:53 PM