hadoop-hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Venkatesh S (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HIVE-842) Authentication Infrastructure for Hive
Date Fri, 24 Sep 2010 10:58:36 GMT

    [ https://issues.apache.org/jira/browse/HIVE-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12914408#action_12914408
] 

Venkatesh S commented on HIVE-842:
----------------------------------

> Should the metastore always take HDFS actions as the user making the RPC?
Yes, metastore will run as a super-user (Hadoop proxy user) enabling DO AS operations and
impersonate the target user while accessing data on HDFS.

> If we see that Hadoop Security is enabled, should we enable SASL on the metastore thrift
server by default?
I'd think so.

> should there be an option whereby the metastore uses a keytab to authenticate to HDFS,
but doesn't require users to authenticate to it?
Wouldn't this leave a hole as it currently exists?

> Authentication Infrastructure for Hive
> --------------------------------------
>
>                 Key: HIVE-842
>                 URL: https://issues.apache.org/jira/browse/HIVE-842
>             Project: Hadoop Hive
>          Issue Type: New Feature
>          Components: Server Infrastructure
>            Reporter: Edward Capriolo
>            Assignee: Todd Lipcon
>         Attachments: HiveSecurityThoughts.pdf
>
>
> This issue deals with the authentication (user name,password) infrastructure. Not the
authorization components that specify what a user should be able to do.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message