[
https://issues.apache.org/jira/browse/HIVE-10115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15150884#comment-15150884
]
Sushanth Sowmyan commented on HIVE-10115:
-----------------------------------------
Committed to branch-2.0 as well, now that it is open again, to be part of an
eventual 2.0.1 if so.
> HS2 running on a Kerberized cluster should offer Kerberos(GSSAPI) and
> Delegation token(DIGEST) when alternate authentication is enabled
> ---------------------------------------------------------------------------------------------------------------------------------------
>
> Key: HIVE-10115
> URL: https://issues.apache.org/jira/browse/HIVE-10115
> Project: Hive
> Issue Type: Improvement
> Components: Authentication
> Affects Versions: 1.1.0
> Reporter: Mubashir Kazia
> Assignee: Mubashir Kazia
> Labels: patch
> Fix For: 1.3.0, 2.1.0, 2.0.1
>
> Attachments: HIVE-10115.0.patch, HIVE-10115.2.patch
>
>
> In a Kerberized cluster when alternate authentication is enabled on HS2, it
> should also accept Kerberos Authentication. The reason this is important is
> because when we enable LDAP authentication HS2 stops accepting delegation
> token authentication. So we are forced to enter username passwords in the
> oozie configuration.
> The whole idea of SASL is that multiple authentication mechanism can be
> offered. If we disable Kerberos(GSSAPI) and delegation token (DIGEST)
> authentication when we enable LDAP authentication, this defeats SASL purpose.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
