Hive
  1. Hive
  2. HIVE-4911

Enable QOP configuration for Hive Server 2 thrift transport

    Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.12.0
    • Component/s: None
    • Labels:
      None
    • Release Note:
      Hide
      This patch adds feature to enable enable integrity protection and confidentiality protection ( beyond just the default of authentication), for communication between hive jdbc driver and hive server2 . You can use SASL (http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) QOP property (http://docs.oracle.com/javase/7/docs/api/javax/security/sasl/Sasl.html#QOP) configure this.

      - This is only when kerberos is used for the HS2 client (jdbc/odbc application) authentication with HS2.
      - hive.server2.thrift.sasl.qop in hive site.xml has to be set to one of valid QOP values ('auth', 'auth-int' or 'auth-conf')
      - specify sasl.qop in hive connection string sessionconf part of your jdbc hive connection string. eg jdbc:hive://hostname/dbname;sasl.qop=auth-int

      This also adds SASL QOP protection for metastore client server communication. You can enable it using hadoop configuration paramter hadoop.rpc.protection.

      Show
      This patch adds feature to enable enable integrity protection and confidentiality protection ( beyond just the default of authentication), for communication between hive jdbc driver and hive server2 . You can use SASL ( http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer ) QOP property ( http://docs.oracle.com/javase/7/docs/api/javax/security/sasl/Sasl.html#QOP ) configure this. - This is only when kerberos is used for the HS2 client (jdbc/odbc application) authentication with HS2. - hive.server2.thrift.sasl.qop in hive site.xml has to be set to one of valid QOP values ('auth', 'auth-int' or 'auth-conf') - specify sasl.qop in hive connection string sessionconf part of your jdbc hive connection string. eg jdbc: hive://hostname/dbname;sasl.qop=auth-int This also adds SASL QOP protection for metastore client server communication. You can enable it using hadoop configuration paramter hadoop.rpc.protection.

      Description

      The QoP for hive server 2 should be configurable to enable encryption. A new configuration should be exposed "hive.server2.thrift.sasl.qop". This would give greater control configuring hive server 2 service.

      1. 20-build-temp-change-1.patch
        3 kB
        Arup Malakar
      2. HIVE-4911-trunk-3.patch
        22 kB
        Arup Malakar
      3. 20-build-temp-change.patch
        1 kB
        Thejas M Nair
      4. HIVE-4911-trunk-2.patch
        25 kB
        Arup Malakar
      5. HIVE-4911-trunk-1.patch
        24 kB
        Arup Malakar
      6. HIVE-4911-trunk-0.patch
        17 kB
        Arup Malakar

        Issue Links

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              Arup Malakar
              Reporter:
              Arup Malakar
            • Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development