hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashutosh Chauhan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-4707) Support configurable domain name for HiveServer2 LDAP authentication using Active Directory
Date Mon, 17 Jun 2013 05:33:20 GMT

    [ https://issues.apache.org/jira/browse/HIVE-4707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13684987#comment-13684987
] 

Ashutosh Chauhan commented on HIVE-4707:
----------------------------------------

One option was to use username like foo@bar.com ie, append domain name with username, since
only thing patch does is append domain to username. Not saying this is a better approach,
but thought you may have already tried this. Did that result in any issue?
                
> Support configurable domain name for HiveServer2 LDAP authentication using Active Directory
> -------------------------------------------------------------------------------------------
>
>                 Key: HIVE-4707
>                 URL: https://issues.apache.org/jira/browse/HIVE-4707
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>    Affects Versions: 0.11.0
>            Reporter: Prasad Mujumdar
>            Assignee: Prasad Mujumdar
>             Fix For: 0.12.0
>
>         Attachments: HIVE-4707-1.patch
>
>
> LDAP providers like Active Directory use a fully qualified user name in user@domain format.
For HiveServer2 LDAP auth can be used with active directory by passing the userid in that
format. This causes hive authentication module to retrun the username in that mangled format.
This prohibits LDAP users to be impersonated over secure hadoop or reported correctly in audit
etc.
> HiveServer2 should support a configurable LDAP domain that is appended to the user name.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message