hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcelo Vanzin" <vanzin+...@cloudera.com>
Subject Review Request 30385: Use SASL to establish the remote context connection.
Date Wed, 28 Jan 2015 23:22:46 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30385/
-----------------------------------------------------------

Review request for hive, Brock Noland, chengxiang li, and Xuefu Zhang.


Bugs: HIVE-9487
    https://issues.apache.org/jira/browse/HIVE-9487


Repository: hive-git


Description
-------

Instead of the insecure, ad-hoc auth mechanism currently used, perform
a SASL negotiation to establish trust. This requires the secret to be
distributed through some secure channel (just like before).

Using SASL with DIGEST-MD5 (or GSSAPI, which hasn't been tested and
probably wouldn't work well here) also allows us to add encryption
without the need for SSL (yay?).

Only DIGEST-MD5 has been really tested. Supporting other mechanisms
will probably mean adding new callback handlers in the client and
server portions, but shouldn't be hard if desired.


Diffs
-----

  common/src/java/org/apache/hadoop/hive/conf/HiveConf.java d4d98d7c0c28cdb1d19c700e20537ef405be2e01

  spark-client/src/main/java/org/apache/hive/spark/client/RemoteDriver.java ce2f9b6b132dc47f899798e47d18a1f6b0dd707f

  spark-client/src/main/java/org/apache/hive/spark/client/SparkClientFactory.java 3a7149341bac086e5efe931595143d3bebbdb5db

  spark-client/src/main/java/org/apache/hive/spark/client/SparkClientImpl.java 5f9be658a855cc15c576f1a98376fcd85475e3b7

  spark-client/src/main/java/org/apache/hive/spark/client/rpc/KryoMessageCodec.java 0c29c9441fb3e9daf690510a2c9b5716671e2571

  spark-client/src/main/java/org/apache/hive/spark/client/rpc/README.md 2c858a121aaeca6af20f5e332de207694348a030

  spark-client/src/main/java/org/apache/hive/spark/client/rpc/Rpc.java fffe24b3cbe6a5d7387e751adbc65f5b140c9089

  spark-client/src/main/java/org/apache/hive/spark/client/rpc/RpcConfiguration.java eff640f7b24348043dbce734510698d9294579c6

  spark-client/src/main/java/org/apache/hive/spark/client/rpc/RpcServer.java 5e18a3c0b5ea4f1b9c83f78faa3408e2dd479c2c

  spark-client/src/main/java/org/apache/hive/spark/client/rpc/SaslHandler.java PRE-CREATION

  spark-client/src/test/java/org/apache/hive/spark/client/rpc/TestKryoMessageCodec.java af534375a3ed86a3a9ad57c2f21a9a8bf6113714

  spark-client/src/test/java/org/apache/hive/spark/client/rpc/TestRpc.java ec7842398d3c4112f83f00e8cd3e5d4f9fdf8ca9


Diff: https://reviews.apache.org/r/30385/diff/


Testing
-------

Unit tests.


Thanks,

Marcelo Vanzin


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message