Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
ghx-label-2
Description
When Apache Knox is being used to proxy connections to Impala, it used to be the case that Knox would return the authentication cookies generated by Impala, saving extra round trips and authentications to Kerberos/LDAP.
This was broken by KNOX-2223 - Knox only returns auth cookies that it thinks are for it, which it determines by checking for its Kerberos principal in the cookie string. With KNOX-2223, the principal is expected to be preceded by a '=', which Impala doesn't do.