diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index 0efe58b..604bea7 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -884,6 +884,9 @@
// binary transport settings
HIVE_SERVER2_THRIFT_PORT("hive.server2.thrift.port", 10000),
HIVE_SERVER2_THRIFT_BIND_HOST("hive.server2.thrift.bind.host", ""),
+ // hadoop.rpc.protection being set to a higher level than HiveServer2
+ // does not make sense in most situations.
+ // HiveServer2 ignores hadoop.rpc.protection in favor of hive.server2.thrift.sasl.qop.
HIVE_SERVER2_THRIFT_SASL_QOP("hive.server2.thrift.sasl.qop", "auth",
new StringsValidator("auth", "auth-int", "auth-conf")),
HIVE_SERVER2_THRIFT_MIN_WORKER_THREADS("hive.server2.thrift.min.worker.threads", 5),
diff --git a/conf/hive-default.xml.template b/conf/hive-default.xml.template
index 6620bd1..2552560 100644
--- a/conf/hive-default.xml.template
+++ b/conf/hive-default.xml.template
@@ -2321,7 +2321,9 @@
hive.server2.thrift.sasl.qop
auth
Sasl QOP value; Set it to one of following values to enable higher levels of
- protection for HiveServer2 communication with clients.
+ protection for HiveServer2 communication with clients. hadoop.rpc.protection being set
+ to a higher level than HiveServer2 does not make sense in most situations.
+ HiveServer2 ignores hadoop.rpc.protection in favor of hive.server2.thrift.sasl.qop.
"auth" - authentication only (default)
"auth-int" - authentication plus integrity protection
"auth-conf" - authentication plus integrity and confidentiality protection
diff --git a/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java b/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java
index 2b86820..5a56ced 100644
--- a/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java
+++ b/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java
@@ -1473,6 +1473,8 @@ public static boolean compareFieldColumns(List schema1, List saslProps = new HashMap();
SaslQOP saslQOP =
SaslQOP.fromString(conf.getVar(ConfVars.HIVE_SERVER2_THRIFT_SASL_QOP));
- // hadoop.rpc.protection being set to a higher level than hive.server2.thrift.rpc.protection
- // does not make sense in most situations. Log warning message in such cases.
- Map hadoopSaslProps = ShimLoader.getHadoopThriftAuthBridge().
- getHadoopSaslProperties(conf);
- SaslQOP hadoopSaslQOP = SaslQOP.fromString(hadoopSaslProps.get(Sasl.QOP));
- if(hadoopSaslQOP.ordinal() > saslQOP.ordinal()) {
- LOG.warn(MessageFormat.format("\"hadoop.rpc.protection\" is set to higher security level " +
- "{0} then {1} which is set to {2}", hadoopSaslQOP.toString(),
- ConfVars.HIVE_SERVER2_THRIFT_SASL_QOP.varname, saslQOP.toString()));
- }
saslProps.put(Sasl.QOP, saslQOP.toString());
saslProps.put(Sasl.SERVER_AUTH, "true");
return saslProps;