From 098a37b2d1ea29a058637d2c5c8bd08a3bd0af9e Mon Sep 17 00:00:00 2001
From: Fei Wang <fwang12@ebay.com>
Date: Wed, 10 Jan 2024 12:39:59 -0800
Subject: [PATCH] do not infer fromSubject if fromTicketCache && ugi

---
 .../org/apache/kyuubi/jdbc/hive/JdbcConnectionParams.java     | 1 +
 .../java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java    | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcConnectionParams.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcConnectionParams.java
index c60f3489958..f1ab717a383 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcConnectionParams.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/JdbcConnectionParams.java
@@ -53,6 +53,7 @@ public class JdbcConnectionParams {
   public static final String AUTH_PASSWD = "password";
   public static final String AUTH_KERBEROS_AUTH_TYPE = "kerberosAuthType";
   public static final String AUTH_KERBEROS_AUTH_TYPE_FROM_SUBJECT = "fromSubject";
+  public static final String AUTH_KERBEROS_AUTH_TYPE_FROM_TICKET_CACHE = "fromTicketCache";
   public static final String ANONYMOUS_USER = "anonymous";
   public static final String ANONYMOUS_PASSWD = "anonymous";
   public static final String USE_SSL = "ssl";
diff --git a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
index 47de5f7480b..9c109c24ae9 100644
--- a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
+++ b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
@@ -861,7 +861,9 @@ && hasSessionValue(AUTH_PRINCIPAL)
         && !hasSessionValue(AUTH_KYUUBI_CLIENT_KEYTAB)
         && (AUTH_KERBEROS_AUTH_TYPE_FROM_SUBJECT.equalsIgnoreCase(
                 sessConfMap.get(AUTH_KERBEROS_AUTH_TYPE))
-            || isHadoopUserGroupInformationDoAs());
+            || (!AUTH_KERBEROS_AUTH_TYPE_FROM_TICKET_CACHE.equalsIgnoreCase(
+                    sessConfMap.get(AUTH_KERBEROS_AUTH_TYPE))
+                && isHadoopUserGroupInformationDoAs()));
   }
 
   private boolean isTgtCacheAuthMode() {