[
https://issues.apache.org/jira/browse/HIVE-8557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14184745#comment-14184745
]
Thejas M Nair commented on HIVE-8557:
-------------------------------------
Changes -
- Automatically set JAAS configuration for use by the zookeeper configuration.
Now, in the default configuration, the hive to zookeeper communication for
delegation token access will be authorized using kerberos. The JAAS
configuration setup code in HiveServer2 is re-used (HIVE-8173).
- Create separate dirs for hiveserver2 and metastore delegation token storage.
This helps if the cluster setup is using different users for hiveserver2 and
metastore.
- Set default authorization settings for delegation storage nodes in zookeeper
to allow access only for the hiveserver2 and metastore server users
- Uses apache curator apis for zookeeper access, so that there is better fault
tolerance and built-in retries on cases like session expiry and connection
failures.
> automatically setup ZooKeeperTokenStore to use kerberos authentication when
> kerberos is enabled
> -----------------------------------------------------------------------------------------------
>
> Key: HIVE-8557
> URL: https://issues.apache.org/jira/browse/HIVE-8557
> Project: Hive
> Issue Type: Bug
> Reporter: Thejas M Nair
> Assignee: Thejas M Nair
> Fix For: 0.14.0
>
> Attachments: HIVE-8557.1.patch
>
>
> ZooKeeperTokenStore does not automatically setup the zookeeper client to use
> kerberos authentication to talk to zookeeper, it requires additional
> configuration.
> If kerberos is enabled in the configuration, it makes sense to do this
> configuration for zookeeper client automatically.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
