hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lefty Leverenz (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-10312) SASL.QOP in JDBC URL is ignored for Delegation token Authentication
Date Mon, 20 Apr 2015 17:20:59 GMT

    [ https://issues.apache.org/jira/browse/HIVE-10312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14503241#comment-14503241
] 

Lefty Leverenz commented on HIVE-10312:
---------------------------------------

The Hive wiki only mentions QOP in two places:

* [Setting Up HiveServer2 -- Integrity/Confidentiality Protection | https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2#SettingUpHiveServer2-Integrity/ConfidentialityProtection]
* [Configuration Properties -- hive.server2.thrift.sasl.qop | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.thrift.sasl.qop]

> SASL.QOP in JDBC URL is ignored for Delegation token Authentication
> -------------------------------------------------------------------
>
>                 Key: HIVE-10312
>                 URL: https://issues.apache.org/jira/browse/HIVE-10312
>             Project: Hive
>          Issue Type: Bug
>          Components: JDBC
>    Affects Versions: 1.2.0
>            Reporter: Mubashir Kazia
>             Fix For: 1.2.0
>
>         Attachments: HIVE-10312.1.patch
>
>
> When HS2 is configured for QOP other than auth (auth-int or auth-conf), Kerberos client
connection works fine when the JDBC URL specifies the matching QOP, however when this HS2
is accessed through Oozie (Delegation token / Digest authentication), connections fails because
the JDBC driver ignores the SASL.QOP parameters in the JDBC URL. SASL.QOP setting should be
valid for DIGEST Auth mech.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message