hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thejas Nair" <the...@hortonworks.com>
Subject Re: Review Request 12824: [HIVE-4911] Enable QOP configuration for Hive Server 2 thrift transport
Date Wed, 24 Jul 2013 19:59:49 GMT


> On July 23, 2013, 9:48 p.m., Thejas Nair wrote:
> > jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java, line 142
> > <https://reviews.apache.org/r/12824/diff/1/?file=324969#file324969line142>
> >
> >     the HIVE_AUTH_TYPE env variable is called "auth".
> >     Should we use something more descriptive like "sasl.qop" as the variable that
sets the QOP level.
> >
> 
> Arup Malakar wrote:
>     I am totally agree that a different key name should be used for qop settings. As
the current HIVE_AUTH_TYPE configuration key is overloaded. Original idea was to clean up
the configuration keys which is being taken care of in: https://issues.apache.org/jira/browse/HIVE-4232.
Once the auth params are taken care of, I had plans of introducing a new parameter called
qop which would be used to configure the QoP alone. But since HIVE-4232 is not yet committed,
I ended up using the HIVE_AUTH_TYPE. I can rebase if HIVE-4232 goes in.
> 
> Arup Malakar wrote:
>     I am totally agree that a different key name should be used for qop settings. As
the current HIVE_AUTH_TYPE configuration key is overloaded. Original idea was to clean up
the configuration keys which is being taken care of in: https://issues.apache.org/jira/browse/HIVE-4232.
Once the auth params are taken care of, I had plans of introducing a new parameter called
qop which would be used to configure the QoP alone. But since HIVE-4232 is not yet committed,
I ended up using the HIVE_AUTH_TYPE. I can rebase if HIVE-4232 goes in.

Once this becomes part of a release, we would need to worry about backward compatibility.
ie, we would need to continue to support "auth=auth" , "auth=auth-int" etc .
I think using sasl.qop as parameter name instead would makes sense with or without HIVE-4232
changes.


- Thejas


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/12824/#review23711
-----------------------------------------------------------


On July 24, 2013, 4:43 p.m., Arup Malakar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/12824/
> -----------------------------------------------------------
> 
> (Updated July 24, 2013, 4:43 p.m.)
> 
> 
> Review request for hive.
> 
> 
> Bugs: HIVE-4911
>     https://issues.apache.org/jira/browse/HIVE-4911
> 
> 
> Repository: hive-git
> 
> 
> Description
> -------
> 
> The QoP for hive server 2 should be configurable to enable encryption. A new configuration
should be exposed "hive.server2.thrift.rpc.protection". This would give greater control configuring
hive server 2 service.
> 
> 
> Diffs
> -----
> 
>   common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 11c31216495d0c4e454f2627af5c93a9f270b1fe

>   conf/hive-default.xml.template 603b475802152a4bd5ab92a4c7146b56f6be020d 
>   jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java 00f43511b478c687b7811fc8ad66af2b507a3626

>   metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 72eac989394a3899998e52d3845b02bb38ebeaad

>   metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java cef50f40ccb047a8135f704b2997968a2cf477b8

>   metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java 88151a1d48b12cf3a8346ae94b6d1a182a331992

>   service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java 1809e1b26ceee5de14a354a0e499aa8c0ab793bf

>   service/src/java/org/apache/hive/service/auth/KerberosSaslHelper.java 379dafb8377aed55e74f0ae18407996bb9e1216f

>   service/src/java/org/apache/hive/service/auth/SaslQOP.java PRE-CREATION 
>   shims/src/common-secure/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
777226f8da0af2235d4294cd6a676fa8192c89e4 
>   shims/src/common/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java 9b0ec0a75563b41339e6fc747556440fdf83e31e

> 
> Diff: https://reviews.apache.org/r/12824/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Arup Malakar
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message