[jira] [Commented] (HIVE-8557) automatically setup ZooKeeperTokenStore to use kerberos authentication when kerberos is enabled

["Thejas M Nair (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/HIVE-8557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14184745#comment-14184745 ] 

Thejas M Nair commented on HIVE-8557:
-------------------------------------

Changes -
- Automatically set JAAS configuration for use by the zookeeper configuration. Now, in the default configuration, the hive to zookeeper communication for delegation token access will be authorized using kerberos. The JAAS configuration setup code in HiveServer2 is re-used (HIVE-8173).
- Create separate dirs for hiveserver2 and metastore delegation token storage. This helps if the cluster setup is using different users for hiveserver2 and metastore.
- Set default authorization settings for delegation storage nodes in zookeeper to allow access only for the hiveserver2 and metastore server users
- Uses apache curator apis for zookeeper access, so that there is better fault tolerance and built-in retries on cases like session expiry and connection failures.


> automatically setup ZooKeeperTokenStore to use kerberos authentication when kerberos is enabled
> -----------------------------------------------------------------------------------------------
>
>                 Key: HIVE-8557
>                 URL: https://issues.apache.org/jira/browse/HIVE-8557
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>             Fix For: 0.14.0
>
>         Attachments: HIVE-8557.1.patch
>
>
> ZooKeeperTokenStore does not automatically setup the zookeeper client to use kerberos authentication to talk to zookeeper, it requires additional configuration.
> If kerberos is enabled in the configuration, it makes sense to do this configuration for zookeeper client automatically.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)