hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Venkatesh S (JIRA)" <>
Subject [jira] Commented: (HIVE-842) Authentication Infrastructure for Hive
Date Fri, 24 Sep 2010 10:58:36 GMT


Venkatesh S commented on HIVE-842:

> Should the metastore always take HDFS actions as the user making the RPC?
Yes, metastore will run as a super-user (Hadoop proxy user) enabling DO AS operations and
impersonate the target user while accessing data on HDFS.

> If we see that Hadoop Security is enabled, should we enable SASL on the metastore thrift
server by default?
I'd think so.

> should there be an option whereby the metastore uses a keytab to authenticate to HDFS,
but doesn't require users to authenticate to it?
Wouldn't this leave a hole as it currently exists?

> Authentication Infrastructure for Hive
> --------------------------------------
>                 Key: HIVE-842
>                 URL:
>             Project: Hadoop Hive
>          Issue Type: New Feature
>          Components: Server Infrastructure
>            Reporter: Edward Capriolo
>            Assignee: Todd Lipcon
>         Attachments: HiveSecurityThoughts.pdf
> This issue deals with the authentication (user name,password) infrastructure. Not the
authorization components that specify what a user should be able to do.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message