diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index 0efe58b..604bea7 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -884,6 +884,9 @@
 // binary transport settings
 HIVE_SERVER2_THRIFT_PORT("hive.server2.thrift.port", 10000),
 HIVE_SERVER2_THRIFT_BIND_HOST("hive.server2.thrift.bind.host", ""),
+ // hadoop.rpc.protection being set to a higher level than HiveServer2
+ // does not make sense in most situations.
+ // HiveServer2 ignores hadoop.rpc.protection in favor of hive.server2.thrift.sasl.qop.
 HIVE_SERVER2_THRIFT_SASL_QOP("hive.server2.thrift.sasl.qop", "auth",
 new StringsValidator("auth", "auth-int", "auth-conf")),
 HIVE_SERVER2_THRIFT_MIN_WORKER_THREADS("hive.server2.thrift.min.worker.threads", 5),
diff --git a/conf/hive-default.xml.template b/conf/hive-default.xml.template
index 6620bd1..2552560 100644
--- a/conf/hive-default.xml.template
+++ b/conf/hive-default.xml.template
@@ -2321,7 +2321,9 @@
 hive.server2.thrift.sasl.qop
 auth
 Sasl QOP value; Set it to one of following values to enable higher levels of
- protection for HiveServer2 communication with clients.
+ protection for HiveServer2 communication with clients. hadoop.rpc.protection being set
+ to a higher level than HiveServer2 does not make sense in most situations.
+ HiveServer2 ignores hadoop.rpc.protection in favor of hive.server2.thrift.sasl.qop.
 "auth" - authentication only (default)
 "auth-int" - authentication plus integrity protection
 "auth-conf" - authentication plus integrity and confidentiality protection
diff --git a/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java b/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java
index 2b86820..5a56ced 100644
--- a/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java
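Review bot: The comment added above `HIVE_SERVER2_THRIFT_SASL_QOP` compares `hadoop.rpc.protection` with "HiveServer2" rather than with a setting, and it leaves out the consequence an operator needs: HiveServer2 client connections are protected only at the level of `hive.server2.thrift.sasl.qop`, whose default on this line is `auth` (authentication only, no integrity or confidentiality). The removed lines later in this diff appear to drop the startup warning for exactly this mismatch, so this comment and the identical sentence in `hive-default.xml.template` become the only signal that a cluster running `hadoop.rpc.protection=privacy` still serves Hive clients at `auth`. I would reword it to `// HiveServer2 ignores hadoop.rpc.protection; client connections use hive.server2.thrift.sasl.qop only.` followed by `// The default "auth" gives no integrity or confidentiality; set "auth-conf" where the cluster requires privacy.`, and mirror that in the template description. The enum body continues outside the hunk.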
+++ b/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java @@ -1473,6 +1473,8 @@ public static boolean compareFieldColumns(List schema1, List saslProps = new HashMap(); SaslQOP saslQOP = SaslQOP.fromString(conf.getVar(ConfVars.HIVE_SERVER2_THRIFT_SASL_QOP)); - // hadoop.rpc.protection being set to a higher level than hive.server2.thrift.rpc.protection - // does not make sense in most situations. Log warning message in such cases. - Map hadoopSaslProps = ShimLoader.getHadoopThriftAuthBridge(). - getHadoopSaslProperties(conf); - SaslQOP hadoopSaslQOP = SaslQOP.fromString(hadoopSaslProps.get(Sasl.QOP)); - if(hadoopSaslQOP.ordinal() > saslQOP.ordinal()) { - LOG.warn(MessageFormat.format("\"hadoop.rpc.protection\" is set to higher security level " + - "{0} then {1} which is set to {2}", hadoopSaslQOP.toString(), - ConfVars.HIVE_SERVER2_THRIFT_SASL_QOP.varname, saslQOP.toString())); - } saslProps.put(Sasl.QOP, saslQOP.toString()); saslProps.put(Sasl.SERVER_AUTH, "true"); return saslProps;