You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Todd Richmond (JIRA)" <ji...@apache.org> on 2017/08/07 18:30:00 UTC
[jira] [Commented] (HIVE-16529) Replace JPAM with libpam4j for PAM
authentication
[ https://issues.apache.org/jira/browse/HIVE-16529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16116997#comment-16116997 ]
Todd Richmond commented on HIVE-16529:
--------------------------------------
jpam will definitely cause memory corruption. However, the version of JPAM on public repos will also cause corruption unless a single patch has been applied. There is a community patch for this issue that has been validated by several sources: https://github.com/kohsuke/libpam4j/issues/16. However, the project author has not responded to merge into another release
With the patch, libpam4j has been robust in our tests. Note that without it corruption seems more consistent on certain Redhat versions as well as certain newer refs of JNA (a dependency)
> Replace JPAM with libpam4j for PAM authentication
> -------------------------------------------------
>
> Key: HIVE-16529
> URL: https://issues.apache.org/jira/browse/HIVE-16529
> Project: Hive
> Issue Type: Improvement
> Components: Authentication
> Affects Versions: 1.2.0
> Reporter: Richard Ding
> Assignee: Sailaja Navvluru
>
> PAM authentication is an important feature available since Hive 0.13. But Hive blog gives the following warnings:
> {quote}
> JPAM library that is used to provide the PAM authentication mode can cause HiveServer2 to go down if a user's password has expired. This happens because of segfault/core dumps from native code invoked by JPAM. Some users have also reported crashes during logins in other cases as well. Use of LDAP or KERBEROS is recommended.
> {quote}
> JPAM also requires user to install a native library. Furthermore, JPAM library seems not to have been updated since 2007.
> Other Apache projects (e.g. Ambari/Ranger/Knox) use a newer library libpam4j which doesn't require installation of native library.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)