[
https://issues.apache.org/jira/browse/HIVE-16529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16116997#comment-16116997
]
Todd Richmond commented on HIVE-16529:
--------------------------------------
jpam will definitely cause memory corruption. However, the version of JPAM on
public repos will also cause corruption unless a single patch has been applied.
There is a community patch for this issue that has been validated by several
sources: https://github.com/kohsuke/libpam4j/issues/16. However, the project
author has not responded to merge into another release
With the patch, libpam4j has been robust in our tests. Note that without it
corruption seems more consistent on certain Redhat versions as well as certain
newer refs of JNA (a dependency)
> Replace JPAM with libpam4j for PAM authentication
> -------------------------------------------------
>
> Key: HIVE-16529
> URL: https://issues.apache.org/jira/browse/HIVE-16529
> Project: Hive
> Issue Type: Improvement
> Components: Authentication
> Affects Versions: 1.2.0
> Reporter: Richard Ding
> Assignee: Sailaja Navvluru
>
> PAM authentication is an important feature available since Hive 0.13. But
> Hive blog gives the following warnings:
> {quote}
> JPAM library that is used to provide the PAM authentication mode can cause
> HiveServer2 to go down if a user's password has expired. This happens because
> of segfault/core dumps from native code invoked by JPAM. Some users have also
> reported crashes during logins in other cases as well. Use of LDAP or
> KERBEROS is recommended.
> {quote}
> JPAM also requires user to install a native library. Furthermore, JPAM
> library seems not to have been updated since 2007.
> Other Apache projects (e.g. Ambari/Ranger/Knox) use a newer library libpam4j
> which doesn't require installation of native library.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
