Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-842 Authentication Infrastructure for Hive
  3. HIVE-1696

Add delegation token support to metastore

    XMLWordPrintableJSON

    Details

    • Hadoop Flags:
      Reviewed

      Description

      As discussed in HIVE-842, kerberos authentication is only sufficient for authentication of a hive user client to the metastore. There are other cases where thrift calls need to be authenticated when the caller is running in an environment without kerberos credentials. For example, an MR task running as part of a hive job may want to report statistics to the metastore, or a job may be running within the context of Oozie or Hive Server.

      This JIRA is to implement support of delegation tokens for the metastore. The concept of a delegation token is borrowed from the Hadoop security design - the quick summary is that a kerberos-authenticated client may retrieve a binary token from the server. This token can then be passed to other clients which can use it to achieve authentication as the original user in lieu of a kerberos ticket.

        Attachments

        1. hive_1696_no-thrift.patch
          44 kB
          Ashutosh Chauhan
        2. hive_1696.patch
          260 kB
          Ashutosh Chauhan
        3. hive_1696.patch
          271 kB
          Ashutosh Chauhan
        4. hive-1696-1.patch
          52 kB
          Devaraj Das
        5. hive-1696-1-with-gen-code.patch
          380 kB
          Devaraj Das
        6. hive-1696-3.patch
          64 kB
          Devaraj Das
        7. hive-1696-3-with-gen-code.patch
          393 kB
          Devaraj Das
        8. hive-1696-4.patch
          66 kB
          Devaraj Das
        9. hive-1696-4.patch
          66 kB
          Devaraj Das
        10. hive-1696-4-with-gen-code.1.patch
          581 kB
          Devaraj Das
        11. hive-1696-4-with-gen-code.patch
          581 kB
          Carl Steinbach

          Issue Links

            Activity

              People

              • Assignee:
                ddas Devaraj Das
                Reporter:
                tlipcon Todd Lipcon
              • Votes:
                0 Vote for this issue
                Watchers:
                13 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: