hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "slim bouguerra (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-21894) Hadoop credential password storage for the Kafka Storage handler when security is SSL
Date Fri, 21 Jun 2019 01:12:00 GMT

    [ https://issues.apache.org/jira/browse/HIVE-21894?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16869067#comment-16869067
] 

slim bouguerra commented on HIVE-21894:
---------------------------------------

[~kristopherkane] i looked up this and i see that all you need is something like

{code}

security.protocol=SSL

ssl.truststore.location=/path/to/kafka.client.truststore.jks

{code}

which seems like it is fine to store as a plain table properties.

Am wondering what is/are use case/s you have in mind?

 

> Hadoop credential password storage for the Kafka Storage handler when security is SSL
> -------------------------------------------------------------------------------------
>
>                 Key: HIVE-21894
>                 URL: https://issues.apache.org/jira/browse/HIVE-21894
>             Project: Hive
>          Issue Type: Improvement
>          Components: kafka integration
>    Affects Versions: 4.0.0
>            Reporter: Kristopher Kane
>            Assignee: Kristopher Kane
>            Priority: Minor
>             Fix For: 4.0.0
>
>
> The Kafka storage handler assumes that if the Hive service is configured with Kerberos
then the destination Kafka cluster is also secured with the same Kerberos realm or trust of
realms.  The security configuration of the Kafka client can be overwritten due to the additive
operations of the Kafka client configs, but, the only way to specify SSL and the keystore/truststore
user/pass is via plain text table properties. 
> This ticket proposes adding Hadoop credential security to the Kafka storage handler in
support of SSL secured Kafka clusters.  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message