----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/13845/#review31384 -----------------------------------------------------------
beeline/src/java/org/apache/hive/beeline/BeeLine.java <https://reviews.apache.org/r/13845/#comment59840> we should document what this option means, in the usage output, and that it is a hive specific option. conf/hive-default.xml.template <https://reviews.apache.org/r/13845/#comment59858> should "altername" be "alternate" ? requestion => request shims/common-secure/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java <https://reviews.apache.org/r/13845/#comment59857> This would mean that to make a user a proxy user, you would need to make the user a proxy user for all of hadoop. In general for security, it is useful to be able to give users only what they need. Webhcat and oozie follow this model AFAIK. Granting a user proxy user privilege for these services does not require you to make the user a proxy user for hadoop (HDFS, MR). - Thejas Nair On Dec. 5, 2013, 8:08 p.m., Prasad Mujumdar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/13845/ > ----------------------------------------------------------- > > (Updated Dec. 5, 2013, 8:08 p.m.) > > > Review request for hive, Brock Noland, Carl Steinbach, and Thejas Nair. > > > Bugs: HIVE-5155 > https://issues.apache.org/jira/browse/HIVE-5155 > > > Repository: hive-git > > > Description > ------- > > Delegation token support - > Enable delegation token connection for HiveServer2 > Enhance the TCLIService interface to support delegation token requests > Support passing the delegation token connection type via JDBC URL and Beeline > option > > Direct proxy access - > Define new proxy user property > Shim interfaces to validate proxy access for a given user > > Note that the diff doesn't include thrift generated code. > > > Diffs > ----- > > beeline/src/java/org/apache/hive/beeline/BeeLine.java c5e36a5 > beeline/src/java/org/apache/hive/beeline/BeeLineOpts.java c3abba3 > beeline/src/java/org/apache/hive/beeline/Commands.java d2d7fd3 > beeline/src/java/org/apache/hive/beeline/DatabaseConnection.java 1de5829 > common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 36503fa > conf/hive-default.xml.template c61a0bb > itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java > 7b1c9da > jdbc/src/java/org/apache/hadoop/hive/jdbc/HiveConnection.java d08e05b > jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java ef39573 > jdbc/src/java/org/apache/hive/jdbc/Utils.java 4d75d98 > service/if/TCLIService.thrift 62a9730 > service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java d80649f > service/src/java/org/apache/hive/service/auth/KerberosSaslHelper.java > 519556c > service/src/java/org/apache/hive/service/auth/PlainSaslHelper.java 15b1675 > service/src/java/org/apache/hive/service/cli/CLIService.java 8c85386 > service/src/java/org/apache/hive/service/cli/CLIServiceClient.java 14ef54f > service/src/java/org/apache/hive/service/cli/EmbeddedCLIServiceClient.java > 9dca874 > service/src/java/org/apache/hive/service/cli/ICLIService.java f647ce6 > service/src/java/org/apache/hive/service/cli/session/HiveSession.java > 00058cc > service/src/java/org/apache/hive/service/cli/session/HiveSessionImpl.java > cfda752 > > service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java > 708f4e4 > service/src/java/org/apache/hive/service/cli/session/SessionManager.java > e262b72 > service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java > 9df110e > > service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIServiceClient.java > 9bb2a0f > service/src/test/org/apache/hive/service/auth/TestPlainSaslHelper.java > 8fa4afd > service/src/test/org/apache/hive/service/cli/session/TestSessionHooks.java > 2fac800 > shims/0.20/src/main/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java > 6ff1a84 > > shims/common-secure/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java > 84f3ddc > > shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java > dc89de1 > shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java > 0d5615c > > shims/common/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java > 03f4e51 > > Diff: https://reviews.apache.org/r/13845/diff/ > > > Testing > ------- > > Since this requires kerberos setup, its tested by a standalone test program > that runs various existing and new secure connection scenarios. The test code > is attached to the ticket at > https://issues.apache.org/jira/secure/attachment/12600119/ProxyAuth.java > > > Thanks, > > Prasad Mujumdar > >
