Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-16529

Replace JPAM with libpam4j for PAM authentication

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.2.0
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None

      Description

      PAM authentication is an important feature available since Hive 0.13. But Hive blog gives the following warnings:

      JPAM library that is used to provide the PAM authentication mode can cause HiveServer2 to go down if a user's password has expired. This happens because of segfault/core dumps from native code invoked by JPAM. Some users have also reported crashes during logins in other cases as well. Use of LDAP or KERBEROS is recommended.

      ​JPAM also requires user to install a native library. ​Furthermore, JPAM library seems not to have been updated since 2007.

      Other Apache projects (e.g. Ambari/Ranger/Knox) use a newer library libpam4j which doesn't require installation of native library.

        Attachments

          Activity

            People

            • Assignee:
              sailajanch Sailaja Navvluru
              Reporter:
              rding Richard Ding
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: