hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashutosh Chauhan (JIRA)" <>
Subject [jira] [Commented] (HIVE-3807) Hive authorization should use short username when Kerberos authentication
Date Wed, 16 Jan 2013 17:28:12 GMT


Ashutosh Chauhan commented on HIVE-3807:

AFAIK hive auth model is not turned on at most places, so we can get away by providing helper
script, instead of adding checks in code. Lets, provide a script which Hive admins can run
to re-grant privileges with short names to all the existing users. 
> Hive authorization should use short username when Kerberos authentication
> -------------------------------------------------------------------------
>                 Key: HIVE-3807
>                 URL:
>             Project: Hive
>          Issue Type: Improvement
>          Components: Authorization
>    Affects Versions: 0.9.0, 0.10.0
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>         Attachments: HIVE-3807.patch
> Currently when authentication method is Kerberos,Hive authorization uses user full name
as privilege principal, for example, it uses john@EXAMPLE.COM instead of john.
> It should use the short name instead. The benefits:
> 1. Be consistent. Hadoop, HBase and etc they all use short name in related ACLs or authorizations.
For Hive authorization works well with them, this should be.
> 2. Be convenient. It's very inconvenient to use the lengthy Kerberos principal name when
grant or revoke privileges via Hive CLI.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message