You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Mubashir Kazia (JIRA)" <ji...@apache.org> on 2015/04/22 03:46:58 UTC

[jira] [Assigned] (HIVE-10115) HS2 running on a Kerberized cluster should offer Kerberos(GSSAPI) and Delegation token(DIGEST) when alternate authentication is enabled

     [ https://issues.apache.org/jira/browse/HIVE-10115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mubashir Kazia reassigned HIVE-10115:
-------------------------------------

    Assignee: Mubashir Kazia

> HS2 running on a Kerberized cluster should offer Kerberos(GSSAPI) and Delegation token(DIGEST) when alternate authentication is enabled
> ---------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-10115
>                 URL: https://issues.apache.org/jira/browse/HIVE-10115
>             Project: Hive
>          Issue Type: Improvement
>          Components: Authentication
>    Affects Versions: 1.1.0
>            Reporter: Mubashir Kazia
>            Assignee: Mubashir Kazia
>              Labels: patch
>             Fix For: 1.2.0
>
>         Attachments: HIVE-10115.0.patch
>
>
> In a Kerberized cluster when alternate authentication is enabled on HS2, it should also accept Kerberos Authentication. The reason this is important is because when we enable LDAP authentication HS2 stops accepting delegation token authentication. So we are forced to enter username passwords in the oozie configuration.
> The whole idea of SASL is that multiple authentication mechanism can be offered. If we disable Kerberos(GSSAPI) and delegation token (DIGEST) authentication when we enable LDAP authentication, this defeats SASL purpose.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)