Hi all,

We are trying to use HMS (version 3.1.2) to manage our company's metadata. We 
have some questions about security, listed below. Any ideas will be 
appreciated. Thank you.


1. In unsecure mode, the client (HiveMetaStoreClient) can transmit user 
information to the server (HiveMetaStore) through set_ugi. The 
TUGIContainingTransport::Factory's WeakHashMap caches the transport, including 
the UGI. If the transport exists for a long time, it may be GC'ed. Then the 
subsequent request will not get the UGI again. How can we solve this problem? In 
addition, we deploy HMS in a distributed setup. There are multiple HMS servers. 
A VIP is used for load balancing. What if the UGI is set on server A while the 
subsequent request is sent to another server B?


2. When using SASL, the problem is similar to the above. In the client's open 
stage, the user will be authenticated and the ticket will be cached in the 
WeakHashMap transportmap of TSaslServerTransport::Factory. So in a 
distributed setup or after GC, how can we ensure that the server can get the 
tickets?


I have searched Jira but didn't find relevant content. Please help us.
