Hi Larry,
Just a few follow-up questions:
1. Since JDBC connection with http headers works for beeline, do you think any
Hive/Java thrift API in Java will also work in the same way?
2. Performance: What is the performance impact of using Knox proxy? For example, is there any
comparison of performance when a large file is moved through Knox+WebHDFS path
vs direct WebHDFS using SSL + Kerberos? If not, how much is expected?
3. Is it possible to submit a Spark job through Knox? If not, is there any
discussion?
So many questions in one email :)
Regards,
Mohammad
On Thursday, November 3, 2016 11:21 PM, Mohammad Islam <[email protected]>
wrote:
Thanks Larry again. That's the link I was looking for. I will follow your
proposal.
Regards,
Mohammad
On Thursday, November 3, 2016 6:47 PM, larry mccay <[email protected]>
wrote:
Hi Mohammad -
This may be of interest:
https://cwiki.apache.org/confluence/display/Hive/HiveServer2+Clients#HiveServer2Clients-PassingHTTPHeaderKey/ValuePairsviaJDBCDriver
You could certainly set SM_USER and SM_GROUPS through this.
Obviously, you would have to ensure that no one can spoof an authentication and
that you only accept such connections from trusted sources. I would suggest SSL
mutual authentication. See:
http://knox.apache.org/books/knox-0-9-1/user-guide.html#Mutual+Authentication+with+SSL
Hope that helps.
--larry
On Thu, Nov 3, 2016 at 8:29 PM, Mohammad Islam <[email protected]> wrote:
Hi,
I'm wondering if a Hive JDBC connection (say, using beeline) supports
HeaderPreAuth.
In general, preauth gets the authenticated user name through an HTTP header. However,
I'm not sure how to pass an HTTP header as part of the JDBC URL. If the question is
not clear, I can explain it further.
Regards,
Mohammad
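
Added example, not part of the original thread and not Knox or Hive project code: a sketch of the setup Larry's reply describes, with the HeaderPreAuth provider accepting SM_USER and SM_GROUPS only from trusted source addresses and the gateway requiring client certificates. The topology name, addresses, truststore path and JDBC placeholders are assumptions; the parameter names follow the Knox user guide linked in the thread and should be checked against the installed version.

```xml
<!-- Fragment 1: topology file, inside the <gateway> element.
     The SM_USER / SM_GROUPS headers are trusted only when the request
     arrives from a listed address. Addresses are constructed placeholders. -->
<provider>
    <role>federation</role>
    <name>HeaderPreAuth</name>
    <enabled>true</enabled>
    <param>
        <name>preauth.validation.method</name>
        <value>preauth.ip.validation</value>
    </param>
    <param>
        <name>preauth.ip.addresses</name>
        <value>192.0.2.10,192.0.2.11</value>
    </param>
    <param>
        <name>preauth.custom.header</name>
        <value>SM_USER</value>
    </param>
    <param>
        <name>preauth.custom.group.header</name>
        <value>SM_GROUPS</value>
    </param>
</provider>

<!-- Fragment 2: gateway-site.xml.
     Require a client certificate on every connection (SSL mutual
     authentication) and validate it against a dedicated truststore.
     The path is a placeholder. -->
<property>
    <name>gateway.client.auth.needed</name>
    <value>true</value>
</property>
<property>
    <name>gateway.truststore.path</name>
    <value>/path/to/trusted-clients.jks</value>
</property>
<property>
    <name>gateway.truststore.type</name>
    <value>JKS</value>
</property>

<!-- Client side: JDBC URL shape per the Hive wiki page linked in the thread.
     KNOX_HOST, TOPOLOGY, USER and GROUPS are placeholders; the client
     keystore settings needed for mutual SSL are omitted here.
     jdbc:hive2://KNOX_HOST:8443/;ssl=true;transportMode=http;httpPath=gateway/TOPOLOGY/hive;http.header.SM_USER=USER;http.header.SM_GROUPS=GROUPS -->
```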