diff --git a/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/AuthenticationConfig.java b/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/AuthenticationConfig.java index 315cb901e2ba41..32a27b2263a746 100644 --- a/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/AuthenticationConfig.java +++ b/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/AuthenticationConfig.java @@ -18,12 +18,11 @@ package org.apache.doris.common.security.authentication; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.CommonConfigurationKeysPublic; public abstract class AuthenticationConfig { public static String HADOOP_USER_NAME = "hadoop.username"; - public static String HADOOP_SECURITY_AUTHENTICATION = "hadoop.security.authentication"; public static String HADOOP_KERBEROS_PRINCIPAL = "hadoop.kerberos.principal"; - public static String HADOOP_KERBEROS_AUTHORIZATION = "hadoop.security.authorization"; public static String HADOOP_KERBEROS_KEYTAB = "hadoop.kerberos.keytab"; public static String HIVE_KERBEROS_PRINCIPAL = "hive.metastore.kerberos.principal"; public static String HIVE_KERBEROS_KEYTAB = "hive.metastore.kerberos.keytab.file"; @@ -52,7 +51,7 @@ public static AuthenticationConfig getKerberosConfig(Configuration conf) { public static AuthenticationConfig getKerberosConfig(Configuration conf, String krbPrincipalKey, String krbKeytabKey) { - String authentication = conf.get(HADOOP_SECURITY_AUTHENTICATION, null); + String authentication = conf.get(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, null); if (AuthType.KERBEROS.getDesc().equals(authentication)) { KerberosAuthenticationConfig krbConfig = new KerberosAuthenticationConfig(); krbConfig.setKerberosPrincipal(conf.get(krbPrincipalKey)); 
diff --git a/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/HadoopUGI.java b/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/HadoopUGI.java
index 3cd419ff706cbf..43c19fb1a3f405 100644
--- a/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/HadoopUGI.java
+++ b/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/HadoopUGI.java
@@ -19,6 +19,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -42,7 +43,8 @@ private static UserGroupInformation loginWithUGI(AuthenticationConfig config) {
 if (config instanceof KerberosAuthenticationConfig) {
 KerberosAuthenticationConfig krbConfig = (KerberosAuthenticationConfig) config;
 Configuration hadoopConf = krbConfig.getConf();
- hadoopConf.set(AuthenticationConfig.HADOOP_KERBEROS_AUTHORIZATION, "true");
+ hadoopConf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION, "true");
+ hadoopConf.set(CommonConfigurationKeysPublic.HADOOP_KERBEROS_KEYTAB_LOGIN_AUTORENEWAL_ENABLED, "true");
 UserGroupInformation.setConfiguration(hadoopConf);
 String principal = krbConfig.getKerberosPrincipal();
 try {
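Review bot: The added `HADOOP_KERBEROS_KEYTAB_LOGIN_AUTORENEWAL_ENABLED` setting in loginWithUGI is written into the `Configuration` returned by `krbConfig.getConf()` and then installed through the static `UserGroupInformation.setConfiguration(hadoopConf)`, so it changes the Hadoop security configuration for the whole process, not only for this Kerberos config. If several catalogs with different authentication settings can log in concurrently, the last caller's configuration wins; the hunk in tryKrbLogin adds the same calls. Setting the forced keys on a copy, `Configuration ugiConf = new Configuration(hadoopConf);`, would at least keep the catalog's own configuration object unmodified, and a comment such as `// UGI configuration is process-wide and shared by every Kerberos catalog` would make the scope explicit. Whether the auto-renewal flag takes effect presumably depends on the login call inside the `try`, which lies outside this hunk and should be checked.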
@@ -88,6 +90,10 @@ public static void tryKrbLogin(String catalogName, AuthenticationConfig config)
 if (config instanceof KerberosAuthenticationConfig) {
 KerberosAuthenticationConfig krbConfig = (KerberosAuthenticationConfig) config;
 try {
+ Configuration hadoopConf = krbConfig.getConf();
+ hadoopConf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION, "true");
+ hadoopConf.set(CommonConfigurationKeysPublic.HADOOP_KERBEROS_KEYTAB_LOGIN_AUTORENEWAL_ENABLED, "true");
+ UserGroupInformation.setConfiguration(hadoopConf);
 /**
 * Because metastore client is created by using
 * {@link org.apache.hadoop.hive.metastore.RetryingMetaStoreClient#getProxy}
diff --git a/fe/fe-core/src/main/java/org/apache/doris/catalog/HiveTable.java b/fe/fe-core/src/main/java/org/apache/doris/catalog/HiveTable.java
index 385b79d493eb98..d1cf421aa8648e 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/catalog/HiveTable.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/catalog/HiveTable.java
@@ -29,6 +29,7 @@
 import com.google.common.base.Strings;
 import com.google.common.collect.Maps;
+import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
 import java.io.DataInput;
 import java.io.DataOutput;
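Review bot: The four lines added at the top of the `try` in tryKrbLogin duplicate the UGI setup that loginWithUGI performs in the same file, so the two lists of forced keys can drift apart when one of them is edited later. A single private static helper that takes the `KerberosAuthenticationConfig`, sets both keys and calls `UserGroupInformation.setConfiguration`, invoked from both methods, would keep them in step. The helper's Javadoc should say that it alters process-wide UGI state and why authorization and keytab auto-renewal are forced to "true". The rest of the `try` and its catch lie outside this hunk, so how a failure in this setup is reported cannot be judged from here.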
@@ -116,16 +117,16 @@ private void validate(Map properties) throws DdlException {
 }
 // check auth type
- String authType = copiedProps.get(AuthenticationConfig.HADOOP_SECURITY_AUTHENTICATION);
+ String authType = copiedProps.get(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION);
 if (Strings.isNullOrEmpty(authType)) {
 authType = AuthType.SIMPLE.getDesc();
 }
 if (!AuthType.isSupportedAuthType(authType)) {
 throw new DdlException(String.format(PROPERTY_ERROR_MSG,
- AuthenticationConfig.HADOOP_SECURITY_AUTHENTICATION, authType));
+ CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, authType));
 }
- copiedProps.remove(AuthenticationConfig.HADOOP_SECURITY_AUTHENTICATION);
- hiveProperties.put(AuthenticationConfig.HADOOP_SECURITY_AUTHENTICATION, authType);
+ copiedProps.remove(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION);
+ hiveProperties.put(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, authType);
 if (AuthType.KERBEROS.getDesc().equals(authType)) {
 // check principal