[
https://issues.apache.org/jira/browse/HIVE-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Naveen Gangam updated HIVE-7193:
--------------------------------
Attachment: HIVE-7193.5.patch
Incorporating additional suggestions from the review board. A big change it to
revert treating Atn Providers as services (singleton instances thru the life of
the HS2). These instances will now be created on every Atn request.
The concern was that we dont know what the user-coded
CustomAuthenticationProvider could do. Since this is user-written code, we have
no control over what it can and cannot do. If each request takes a long time,
we could have a bottleneck. Similarly, the PAMAuthenticator could become a
bottleneck too.
So the decision was to have the AtnFactory be consistent across all forms of
Atn.
> Hive should support additional LDAP authentication parameters
> -------------------------------------------------------------
>
> Key: HIVE-7193
> URL: https://issues.apache.org/jira/browse/HIVE-7193
> Project: Hive
> Issue Type: Bug
> Affects Versions: 0.10.0
> Reporter: Mala Chikka Kempanna
> Assignee: Naveen Gangam
> Attachments: HIVE-7193.2.patch, HIVE-7193.3.patch, HIVE-7193.5.patch,
> HIVE-7193.patch, LDAPAuthentication_Design_Doc.docx,
> LDAPAuthentication_Design_Doc_V2.docx
>
>
> Currently hive has only following authenticator parameters for LDAP
> authentication for hiveserver2.
> <property>
> <name>hive.server2.authentication</name>
> <value>LDAP</value>
> </property>
> <property>
> <name>hive.server2.authentication.ldap.url</name>
> <value>ldap://our_ldap_address</value>
> </property>
> We need to include other LDAP properties as part of hive-LDAP authentication
> like below
> a group search base -> dc=domain,dc=com
> a group search filter -> member={0}
> a user search base -> dc=domain,dc=com
> a user search filter -> sAMAAccountName={0}
> a list of valid user groups -> group1,group2,group3
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
