[
https://issues.apache.org/jira/browse/HIVE-12688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15059527#comment-15059527
]
Thejas M Nair commented on HIVE-12688:
--------------------------------------
I think this is a blocker for 2.0.0 release .
I am attaching a patch to roll back that change to unblock the 2.0.0 release.
An fixed version of HIVE-11826 can be added in a follow up jira.
cc [~sershe] [~aihuaxu] [~csun] [~ashutoshc]
> HIVE-11826 makes hive unusable in properly secured cluster
> ----------------------------------------------------------
>
> Key: HIVE-12688
> URL: https://issues.apache.org/jira/browse/HIVE-12688
> Project: Hive
> Issue Type: Bug
> Affects Versions: 1.3.0, 2.0.0
> Reporter: Thejas M Nair
> Assignee: Thejas M Nair
> Priority: Blocker
>
> HIVE-11826 makes a change to restrict connections to metastore to users who
> belong to groups under 'hadoop.proxyuser.hive.groups'.
> That property was only a meant to be a hadoop property, which controls what
> users the hive user can impersonate. What this change is doing is to enable
> use of that to also restrict who can connect to metastore server. This is new
> functionality, not a bug fix. There is value to this functionality.
> However, this change makes hive unusable in a properly secured cluster. If
> 'hadoop.proxyuser.hive.hosts' is set to the proper set of hosts that run
> Metastore and Hiveserver2 (instead of a very open "*"), then users will be
> able to connect to metastore only from those hosts.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
