hadoop-hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashish Thusoo (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HIVE-78) Authentication infrastructure for Hive
Date Tue, 25 Nov 2008 00:21:44 GMT

    [ https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12650407#action_12650407
] 

Ashish Thusoo commented on HIVE-78:
-----------------------------------

For Active Directory I think JNDI will work as long as we work off GSSAPI - so I think Kerb
V should work with JNDI.

However, the traditional authentication mechanisms of NTLM and NTLMv2, I think those will
not work with AD as they are proprietary protocols and the only public domain implementations
of those are present in Samba. They are mostly an issue for old machines and old directory
installations. We may as well do JNDI for now and then 
address these later.

Will check out JDBCRealm, I have not used those in the past.

For query side roles we could just model those on mysql privileges. Some of the basic ones
include:

- SELECT
- INSERT
- ALTER TABLE
- CREATE
- DROP

And on the server administration side, things like:
- KILL SESSION(QUERY)
- SHUTDOWN
- STARTUP
- VIEW SESSIONS

are useful...

We could role these privileges up into role objects so essentially your

hiveuser role would become SELECT, INSERT, CREATE
while hiveadmin would become KILL SESSION, SHUTDOWN, STARTUP, VIEW SESSIONS, DROP, ALTER +
whatever is in hiveusers






> Authentication infrastructure for Hive
> --------------------------------------
>
>                 Key: HIVE-78
>                 URL: https://issues.apache.org/jira/browse/HIVE-78
>             Project: Hadoop Hive
>          Issue Type: New Feature
>            Reporter: Ashish Thusoo
>            Assignee: Ashish Thusoo
>
> Allow hive to integrate with existing user repositories for authentication and authorization
infromation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message