[jira] [Commented] (HIVE-4232) JDBC2 HiveConnection has odd defaults

Wed, 10 Apr 2013 15:13:18 -0700 

    [ 
https://issues.apache.org/jira/browse/HIVE-4232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13628347#comment-13628347
 ] 

Thejas M Nair commented on HIVE-4232:
-------------------------------------

[~mithun] THRIFT-1774 is the unfortunate reality, and I don't see anybody 
having signed up to fix it.
>From a user experience perspective, it would be better to get an error message 
>(well, a stack trace in this case!) instead of the command hanging if the user 
>tries to connect to a kerberos-secure server without specifying the correct 
>auth. 
I don't see any advantages of using raw transport as default (one client and 
server). I agree that the auth names are misleading and we should change that.

Here is my proposal -
hive-site.xml -> transport -> JDBC connection string
1. (fix to make compare case insensitive for all auth types ) 
hive.server2.authentication=NOSASL -> raw transport -> 
jdbc:hive2://host:port/dbname;auth=nosasl
2. (change the param name, this remains default) 
hive.server2.authentication=PLAINSASL -> plain SASL transport -> 
jdbc:hive2://host:port/dbname (DEFAULT)
3. (check/support auth=kerberos in jdbc url) 
hive.server2.authentication=KERBEROS -> Kerberos SASL transport -> 
jdbc:hive2://host:port/dbname;auth=kerberos,principal=<principal>



                
> JDBC2 HiveConnection has odd defaults
> -------------------------------------
>
>                 Key: HIVE-4232
>                 URL: https://issues.apache.org/jira/browse/HIVE-4232
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2, JDBC
>    Affects Versions: 0.11.0
>            Reporter: Chris Drome
>            Assignee: Chris Drome
>             Fix For: 0.11.0
>
>         Attachments: HIVE-4232-1.patch, HIVE-4232.patch
>
>
> HiveConnection defaults to using a plain SASL transport if auth is not set. 
> To get a raw transport auth must be set to noSasl; furthermore noSasl is case 
> sensitive. Code tries to infer Kerberos or plain authentication based on the 
> presence of principal. There is no provision for specifying QOP level.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to