Return-Path: 
 <dev-return-53967-apmail-hive-dev-archive=hive.apache.org@hive.apache.org>
X-Original-To: apmail-hive-dev-archive@www.apache.org
Delivered-To: apmail-hive-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id C27B81051F
	for <apmail-hive-dev-archive@www.apache.org>;
 Tue, 11 Jun 2013 03:33:25 +0000 (UTC)
Received: (qmail 8130 invoked by uid 500); 11 Jun 2013 03:33:24 -0000
Delivered-To: apmail-hive-dev-archive@hive.apache.org
Received: (qmail 8034 invoked by uid 500); 11 Jun 2013 03:33:24 -0000
Mailing-List: contact dev-help@hive.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@hive.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@hive.apache.org>
List-Post: <mailto:dev@hive.apache.org>
List-Id: <dev.hive.apache.org>
Reply-To: dev@hive.apache.org
Delivered-To: mailing list dev@hive.apache.org
Received: (qmail 7808 invoked by uid 500); 11 Jun 2013 03:33:23 -0000
Delivered-To: apmail-hadoop-hive-dev@hadoop.apache.org
Received: (qmail 7799 invoked by uid 99); 11 Jun 2013 03:33:23 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Jun 2013 03:33:23 +0000
Date: Tue, 11 Jun 2013 03:33:23 +0000 (UTC)
From: "Prasad Mujumdar (JIRA)" <jira@apache.org>
To: hive-dev@hadoop.apache.org
Message-ID: <JIRA.12652141.1370920952352.97868.1370921603224@arcas>
In-Reply-To: <JIRA.12652141.1370920952352@arcas>
References: <JIRA.12652141.1370920952352@arcas>
Subject: [jira] [Updated] (HIVE-4707) Support configurable domain name for
 HiveServer2 LDAP authentication using Active Directory
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/HIVE-4707?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prasad Mujumdar updated HIVE-4707:
----------------------------------

    Status: Patch Available  (was: Open)

Review request on https://reviews.apache.org/r/11793/
                
> Support configurable domain name for HiveServer2 LDAP authentication using Active Directory
> -------------------------------------------------------------------------------------------
>
>                 Key: HIVE-4707
>                 URL: https://issues.apache.org/jira/browse/HIVE-4707
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>    Affects Versions: 0.11.0
>            Reporter: Prasad Mujumdar
>            Assignee: Prasad Mujumdar
>             Fix For: 0.12.0
>
>         Attachments: HIVE-4707-1.patch
>
>
> LDAP providers like Active Directory use a fully qualified user name in user@domain format. For HiveServer2 LDAP auth can be used with active directory by passing the userid in that format. This causes hive authentication module to retrun the username in that mangled format. This prohibits LDAP users to be impersonated over secure hadoop or reported correctly in audit etc.
> HiveServer2 should support a configurable LDAP domain that is appended to the user name.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira