Return-Path: Delivered-To: apmail-hive-dev-archive@www.apache.org Received: (qmail 13126 invoked from network); 19 Jan 2011 17:59:10 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 19 Jan 2011 17:59:10 -0000 Received: (qmail 94575 invoked by uid 500); 19 Jan 2011 17:59:10 -0000 Delivered-To: apmail-hive-dev-archive@hive.apache.org Received: (qmail 94284 invoked by uid 500); 19 Jan 2011 17:59:08 -0000 Mailing-List: contact dev-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hive.apache.org Delivered-To: mailing list dev@hive.apache.org Received: (qmail 93961 invoked by uid 500); 19 Jan 2011 17:59:08 -0000 Delivered-To: apmail-hadoop-hive-dev@hadoop.apache.org Received: (qmail 93957 invoked by uid 99); 19 Jan 2011 17:59:07 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Jan 2011 17:59:07 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Jan 2011 17:59:07 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id p0JHwkvL002825 for ; Wed, 19 Jan 2011 17:58:47 GMT Message-ID: <33268781.63681295459926922.JavaMail.jira@thor> Date: Wed, 19 Jan 2011 12:58:46 -0500 (EST) From: "Devaraj Das (JIRA)" To: hive-dev@hadoop.apache.org Subject: [jira] Commented: (HIVE-1696) Add delegation token support to metastore MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HIVE-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12983814#action_12983814 ] Devaraj Das commented on HIVE-1696: ----------------------------------- For the record, I'd like to mention that Pradeep Kamath did a lot of initial work on the patch. Thanks, Pradeep! > Add delegation token support to metastore > ----------------------------------------- > > Key: HIVE-1696 > URL: https://issues.apache.org/jira/browse/HIVE-1696 > Project: Hive > Issue Type: Sub-task > Components: Metastore, Security, Server Infrastructure > Reporter: Todd Lipcon > Assignee: Devaraj Das > Fix For: 0.7.0 > > Attachments: hive-1696-1-with-gen-code.patch, hive-1696-1.patch, hive-1696-3-with-gen-code.patch, hive-1696-3.patch, hive-1696-4-with-gen-code.1.patch, hive-1696-4-with-gen-code.patch, hive-1696-4.patch, hive-1696-4.patch, hive_1696.patch, hive_1696.patch, hive_1696_no-thrift.patch > > > As discussed in HIVE-842, kerberos authentication is only sufficient for authentication of a hive user client to the metastore. There are other cases where thrift calls need to be authenticated when the caller is running in an environment without kerberos credentials. For example, an MR task running as part of a hive job may want to report statistics to the metastore, or a job may be running within the context of Oozie or Hive Server. > This JIRA is to implement support of delegation tokens for the metastore. The concept of a delegation token is borrowed from the Hadoop security design - the quick summary is that a kerberos-authenticated client may retrieve a binary token from the server. This token can then be passed to other clients which can use it to achieve authentication as the original user in lieu of a kerberos ticket. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.