[ https://issues.apache.org/jira/browse/HIVE-4911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13715798#comment-13715798 ]
Arup Malakar commented on HIVE-4911: ------------------------------------ [~brocknoland], HIVE-4225 proposes a way to configure QoP for the Hive Server 2 thrift service. But it uses the {{SaslRpcServer.SaslRpcServer}} object to determine what QoP to use. {{SaslRpcServer.SaslRpcServer}} reads this configuration from the parameter {{hadoop.rpc.protection}}, as can be seen in: https://svn.apache.org/repos/asf/hadoop/common/branches/HADOOP-6685/src/java/org/apache/hadoop/security/SaslRpcServer.java {code:java} public static void init(Configuration conf) { QualityOfProtection saslQOP = QualityOfProtection.AUTHENTICATION; String rpcProtection = conf.get("hadoop.rpc.protection", QualityOfProtection.AUTHENTICATION.name().toLowerCase()); if (QualityOfProtection.INTEGRITY.name().toLowerCase() .equals(rpcProtection)) { saslQOP = QualityOfProtection.INTEGRITY; } else if (QualityOfProtection.PRIVACY.name().toLowerCase().equals( rpcProtection)) { saslQOP = QualityOfProtection.PRIVACY; } SASL_PROPS.put(Sasl.QOP, saslQOP.getSaslQop()); SASL_PROPS.put(Sasl.SERVER_AUTH, "true"); } {code} I believe {{hadoop.rpc.protection}} configuration shouldn't dictate what QoP hive server 2 would use. The QoP of Hive Server 2 should rather be exposed via a new Hive Server 2 specific setting. That way either can change independent of each other. > Enable QOP configuration for Hive Server 2 thrift transport > ----------------------------------------------------------- > > Key: HIVE-4911 > URL: https://issues.apache.org/jira/browse/HIVE-4911 > Project: Hive > Issue Type: New Feature > Reporter: Arup Malakar > Assignee: Arup Malakar > Attachments: HIVE-4911-trunk-0.patch > > > The QoP for hive server 2 should be configurable to enable encryption. A new > configuration should be exposed "hive.server2.thrift.rpc.protection". This > would give greater control configuring hive server 2 service. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira