Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-17014

Password File Encryption for HiveServer2 Client

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 2.1.2
    • Component/s: Beeline
    • Labels:
      None

      Description

      The main point of this file is to encrypt password file that is used for beeline connection using -w key. Any ideas or proposals would be great.

        Issue Links

          Activity

          Hide
          allgoodok Vlad Gudikov added a comment -

          This document describes possible ways of implementing password file encryption feature

          Show
          allgoodok Vlad Gudikov added a comment - This document describes possible ways of implementing password file encryption feature
          Hide
          allgoodok Vlad Gudikov added a comment -

          Attached document with possible ways to implement this feature.

          As Larry McCay commented in HIVE-17014. - "we may want to consider the use of the CredentialProvider API that will be committed soon.
          See HADOOP-10607. This isn't mutually exclusive with the password file approach as there are plans to fallback to existing password files in certain components. However, the abstraction of the API is best realized through the new Configuration.getPassword(String name) method. This will allow you to ask for a configuration item that you know is a password and it will check for an aliased credential based on the name through the CredentialProvider API. If the name is not resolved into a credential from a provider then it falls back to the config file."

          Would be happy to discuss this approach with other members.

          Show
          allgoodok Vlad Gudikov added a comment - Attached document with possible ways to implement this feature. As Larry McCay commented in HIVE-17014 . - "we may want to consider the use of the CredentialProvider API that will be committed soon. See HADOOP-10607 . This isn't mutually exclusive with the password file approach as there are plans to fallback to existing password files in certain components. However, the abstraction of the API is best realized through the new Configuration.getPassword(String name) method. This will allow you to ask for a configuration item that you know is a password and it will check for an aliased credential based on the name through the CredentialProvider API. If the name is not resolved into a credential from a provider then it falls back to the config file." Would be happy to discuss this approach with other members.

            People

            • Assignee:
              allgoodok Vlad Gudikov
              Reporter:
              allgoodok Vlad Gudikov
            • Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:

                Development