Add delegation token support to metastore
-----------------------------------------
Key: HIVE-1696
URL: https://issues.apache.org/jira/browse/HIVE-1696
Project: Hadoop Hive
Issue Type: Sub-task
Components: Metastore
Reporter: Todd Lipcon
As discussed in HIVE-842, kerberos authentication is only sufficient for
authentication of a hive user client to the metastore. There are other cases
where thrift calls need to be authenticated when the caller is running in an
environment without kerberos credentials. For example, an MR task running as
part of a hive job may want to report statistics to the metastore, or a job may
be running within the context of Oozie or Hive Server.
This JIRA is to implement support of delegation tokens for the metastore. The
concept of a delegation token is borrowed from the Hadoop security design - the
quick summary is that a kerberos-authenticated client may retrieve a binary
token from the server. This token can then be passed to other clients which can
use it to achieve authentication as the original user in lieu of a kerberos
ticket.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
