Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-842 Authentication Infrastructure for Hive
  3. HIVE-1696

Add delegation token support to metastore

    XMLWordPrintableJSON

Details

    • Reviewed

    Description

      As discussed in HIVE-842, kerberos authentication is only sufficient for authentication of a hive user client to the metastore. There are other cases where thrift calls need to be authenticated when the caller is running in an environment without kerberos credentials. For example, an MR task running as part of a hive job may want to report statistics to the metastore, or a job may be running within the context of Oozie or Hive Server.

      This JIRA is to implement support of delegation tokens for the metastore. The concept of a delegation token is borrowed from the Hadoop security design - the quick summary is that a kerberos-authenticated client may retrieve a binary token from the server. This token can then be passed to other clients which can use it to achieve authentication as the original user in lieu of a kerberos ticket.

      Attachments

        1. hive-1696-4-with-gen-code.patch
          581 kB
          Carl Steinbach
        2. hive-1696-4-with-gen-code.1.patch
          581 kB
          Devaraj Das
        3. hive-1696-4.patch
          66 kB
          Devaraj Das
        4. hive-1696-4.patch
          66 kB
          Devaraj Das
        5. hive-1696-3-with-gen-code.patch
          393 kB
          Devaraj Das
        6. hive-1696-3.patch
          64 kB
          Devaraj Das
        7. hive-1696-1-with-gen-code.patch
          380 kB
          Devaraj Das
        8. hive-1696-1.patch
          52 kB
          Devaraj Das
        9. hive_1696.patch
          271 kB
          Ashutosh Chauhan
        10. hive_1696.patch
          260 kB
          Ashutosh Chauhan
        11. hive_1696_no-thrift.patch
          44 kB
          Ashutosh Chauhan

        Issue Links

          is blocked by

          New Feature - A new feature of the product, which has yet to be developed. HIVE-842 Authentication Infrastructure for Hive

          • Major - Major loss of function.
          • Closed
          is depended upon by

          Improvement - An improvement or enhancement to an existing feature or task. HIVE-2467 HA Support for Metastore Server

          • Major - Major loss of function.
          • Closed
          relates to

          New Feature - A new feature of the product, which has yet to be developed. HIVE-3255 Add DBTokenStore to store Delegation Tokens in DB

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. HIVE-13363 Add hive.metastore.token.signature property to HiveConf

          • Major - Major loss of function.
          • Closed

          Activity

            People

              ddas Devaraj Das
              tlipcon Todd Lipcon
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: