hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashutosh Chauhan" <hashut...@apache.org>
Subject Re: Review Request: Pass user identity in metastore connection in unsecure mode
Date Sat, 17 Dec 2011 02:32:15 GMT


> On 2011-12-16 10:03:39, Thomas wrote:
> > Instead of introducing set_ugi into the metastore thrift interface, could this not
be solved through SASL (looks like a prime use case for SASL)? 
> > 
> > Have the server request transmission of ugi when configured to do so and the client
react accordingly. Similar to how delegation token is transmitted (SaslClientCallbackHandler).

I am not sure, how SASL could be used to solve this problem. Furthermore, even if it does
it will require lock-step upgrade of *all* clients, which is not desirable, whereas current
approach doesn't have this drawback. 


- Ashutosh


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/#review3947
-----------------------------------------------------------


On 2011-12-03 00:07:25, Ashutosh Chauhan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/2975/
> -----------------------------------------------------------
> 
> (Updated 2011-12-03 00:07:25)
> 
> 
> Review request for hive.
> 
> 
> Summary
> -------
> 
> Pass user identity in metastore connection in unsecure mode
> 
> 
> This addresses bug HIVE-2616.
>     https://issues.apache.org/jira/browse/HIVE-2616
> 
> 
> Diffs
> -----
> 
>   trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1209772 
>   trunk/metastore/if/hive_metastore.thrift 1209772 
>   trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1209772 
>   trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1209772 
>   trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp 1209772

>   trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
1209772 
>   trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php 1209772

>   trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 1209772

>   trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py 1209772

>   trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1209772 
>   trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 1209772

>   trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
1209772 
>   trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java PRE-CREATION

>   trunk/shims/ivy.xml 1209772 
>   trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 1209772 
>   trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 1209772

>   trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
1209772 
>   trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/TUGIAssumingTransport.java
PRE-CREATION 
>   trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java 1209772 
>   trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java
1209772 
>   trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java PRE-CREATION

>   trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java
PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/2975/diff
> 
> 
> Testing
> -------
> 
> All the tests in metastore dir passes. Manually tested that file on hdfs is owned by
user running the client and not by user running metastore server.
> 
> 
> Thanks,
> 
> Ashutosh
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message