[
https://issues.apache.org/jira/browse/HIVE-4232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13622693#comment-13622693
]
Prasad Mujumdar commented on HIVE-4232:
---------------------------------------
[~cdrome] Thanks for looking into it further. I agree with your comment
regarding JDBC application explicitly adding "nosasl". In such case the
application is doing a customization by overriding the default, so they should
know what they are doing ..
Also you are correct about this details not being well documented. I will go
ahead and add new advance/custom configuratoin sections to [Setting Up Hive
Server|https://cwiki.apache.org/Hive/adminmanual-settinguphiveserver.html] as
well as [HiveServer2
Clients|https://cwiki.apache.org/Hive/hiveserver2-clients.html]. Thanks for
bringing that out!
[~cwsteinbach] Thanks for providing feedback.
I would still like to argue that the "PLAIN" is more tied to the internal
implementation and not indicative of the behavior, especially when its a
default. We can perhaps change NOSASL to RAW or THRIFT, or leave it with the
'sasl' reference as its more of advance option.
Another thing to keep in mind that was available as a patch for HiveServer2 for
a very long time. Even though its committed to trunk in 0.11, the community has
started using the patch on top of Hive 0.10 as well as through multiple popular
distros. Changing the configuration will be a backward incompatible change for
such users. This one is not just flipping a config switch, but would also
require changing JDBC code and recompiling/redeploying the application.
> JDBC2 HiveConnection has odd defaults
> -------------------------------------
>
> Key: HIVE-4232
> URL: https://issues.apache.org/jira/browse/HIVE-4232
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2, JDBC
> Affects Versions: 0.11.0
> Reporter: Chris Drome
> Assignee: Chris Drome
> Fix For: 0.11.0
>
> Attachments: HIVE-4232-1.patch, HIVE-4232.patch
>
>
> HiveConnection defaults to using a plain SASL transport if auth is not set.
> To get a raw transport auth must be set to noSasl; furthermore noSasl is case
> sensitive. Code tries to infer Kerberos or plain authentication based on the
> presence of principal. There is no provision for specifying QOP level.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
