hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thejas M Nair (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-4911) Enable QOP configuration for Hive Server 2 thrift transport
Date Mon, 19 Aug 2013 19:53:48 GMT

     [ https://issues.apache.org/jira/browse/HIVE-4911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Thejas M Nair updated HIVE-4911:
--------------------------------

    Release Note: 
This patch adds feature to enable enable integrity protection and confidentiality protection
( beyond just the default of authentication), for communication between hive jdbc driver and
hive server2 . You can use SASL (http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer)
 QOP property (http://docs.oracle.com/javase/7/docs/api/javax/security/sasl/Sasl.html#QOP)
configure this.

- This is only when kerberos is used for the HS2 client (jdbc/odbc application) authentication
with HS2.
- hive.server2.thrift.sasl.qop in hive site.xml has to be set to one of valid QOP values ('auth',
'auth-int' or 'auth-conf')
- specify sasl.qop in hive connection string sessionconf part of your jdbc hive connection
string. eg jdbc:hive://hostname/dbname;sasl.qop=auth-int

This also adds SASL QOP protection for metastore client server communication. You can enable
it using hadoop configuration paramter hadoop.rpc.protection.



Adding release notes.

                
> Enable QOP configuration for Hive Server 2 thrift transport
> -----------------------------------------------------------
>
>                 Key: HIVE-4911
>                 URL: https://issues.apache.org/jira/browse/HIVE-4911
>             Project: Hive
>          Issue Type: New Feature
>            Reporter: Arup Malakar
>            Assignee: Arup Malakar
>             Fix For: 0.12.0
>
>         Attachments: 20-build-temp-change-1.patch, 20-build-temp-change.patch, HIVE-4911-trunk-0.patch,
HIVE-4911-trunk-1.patch, HIVE-4911-trunk-2.patch, HIVE-4911-trunk-3.patch
>
>
> The QoP for hive server 2 should be configurable to enable encryption. A new configuration
should be exposed "hive.server2.thrift.rpc.protection". This would give greater control configuring
hive server 2 service.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message