[
https://issues.apache.org/jira/browse/HIVE-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12916687#action_12916687
]
Todd Lipcon commented on HIVE-842:
----------------------------------
bq. > should there be an option whereby the metastore uses a keytab to
authenticate to HDFS, but doesn't require users to authenticate to it?
bq. Wouldn't this leave a hole as it currently exists?
Yea - I think the use case is that you may have some old Thrift clients that
haven't yet been updated to work with the SASL implementation (eg PHP). For
those clients, perhaps you can provide security based on firewall rules, etc.
But you would still like to run Hive on top of a secured HDFS.
> Authentication Infrastructure for Hive
> --------------------------------------
>
> Key: HIVE-842
> URL: https://issues.apache.org/jira/browse/HIVE-842
> Project: Hadoop Hive
> Issue Type: New Feature
> Components: Server Infrastructure
> Reporter: Edward Capriolo
> Assignee: Todd Lipcon
> Attachments: HiveSecurityThoughts.pdf
>
>
> This issue deals with the authentication (user name,password) infrastructure.
> Not the authorization components that specify what a user should be able to
> do.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
