hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergio Peña (JIRA) <j...@apache.org>
Subject [jira] [Updated] (HIVE-10115) HS2 running on a Kerberized cluster should offer Kerberos(GSSAPI) and Delegation token(DIGEST) when alternate authentication is enabled
Date Fri, 05 Feb 2016 20:46:39 GMT

     [ https://issues.apache.org/jira/browse/HIVE-10115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sergio Peña updated HIVE-10115:
-------------------------------
    Fix Version/s: 1.3.0

> HS2 running on a Kerberized cluster should offer Kerberos(GSSAPI) and Delegation token(DIGEST)
when alternate authentication is enabled
> ---------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-10115
>                 URL: https://issues.apache.org/jira/browse/HIVE-10115
>             Project: Hive
>          Issue Type: Improvement
>          Components: Authentication
>    Affects Versions: 1.1.0
>            Reporter: Mubashir Kazia
>            Assignee: Mubashir Kazia
>              Labels: patch
>             Fix For: 1.3.0, 2.1.0
>
>         Attachments: HIVE-10115.0.patch, HIVE-10115.2.patch
>
>
> In a Kerberized cluster when alternate authentication is enabled on HS2, it should also
accept Kerberos Authentication. The reason this is important is because when we enable LDAP
authentication HS2 stops accepting delegation token authentication. So we are forced to enter
username passwords in the oozie configuration.
> The whole idea of SASL is that multiple authentication mechanism can be offered. If we
disable Kerberos(GSSAPI) and delegation token (DIGEST) authentication when we enable LDAP
authentication, this defeats SASL purpose.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message