[ https://issues.apache.org/jira/browse/HIVE-16529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16139440#comment-16139440 ]
Eric Yang commented on HIVE-16529: ---------------------------------- JPAM user account expiration issue can easily work around by applying this patch to JPAM: {code} --- jpam/jpam/src/c/Pam.c 2005-06-14 20:02:36.000000000 -0700 +++ ../../jpam/jpam/jpam/src/c/Pam.c 2017-08-23 18:20:09.000000000 -0700 @@ -151,6 +151,9 @@ printf("***Sending password\n"); reply[replies].resp = COPY_STRING(password); } + if (msg[replies]->msg_style==4) { + reply[replies].resp = NULL; + } if (debug) printf("***Response to PAM is: |%s|\n", reply[replies].resp); } {code} This might be a workaround solution instead of replacing JPAM with libpam4j. > Replace JPAM with libpam4j for PAM authentication > ------------------------------------------------- > > Key: HIVE-16529 > URL: https://issues.apache.org/jira/browse/HIVE-16529 > Project: Hive > Issue Type: Improvement > Components: Authentication > Affects Versions: 1.2.0 > Reporter: Richard Ding > Assignee: Sailaja Navvluru > > PAM authentication is an important feature available since Hive 0.13. But > Hive blog gives the following warnings: > {quote} > JPAM library that is used to provide the PAM authentication mode can cause > HiveServer2 to go down if a user's password has expired. This happens because > of segfault/core dumps from native code invoked by JPAM. Some users have also > reported crashes during logins in other cases as well. Use of LDAP or > KERBEROS is recommended. > {quote} > JPAM also requires user to install a native library. Furthermore, JPAM > library seems not to have been updated since 2007. > Other Apache projects (e.g. Ambari/Ranger/Knox) use a newer library libpam4j > which doesn't require installation of native library. -- This message was sent by Atlassian JIRA (v6.4.14#64029)