[jira] [Commented] (HIVE-4911) Enable QOP configuration for Hive Server 2 thrift transport

Mon, 22 Jul 2013 15:47:21 -0700 

    [ 
https://issues.apache.org/jira/browse/HIVE-4911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13715798#comment-13715798
 ] 

Arup Malakar commented on HIVE-4911:
------------------------------------

[~brocknoland], HIVE-4225 proposes a way to configure QoP for the Hive Server 2 
thrift service. But it uses the  {{SaslRpcServer.SaslRpcServer}} object to 
determine what QoP to use. {{SaslRpcServer.SaslRpcServer}}  reads this 
configuration from the parameter {{hadoop.rpc.protection}}, as can be seen in: 
https://svn.apache.org/repos/asf/hadoop/common/branches/HADOOP-6685/src/java/org/apache/hadoop/security/SaslRpcServer.java

{code:java}
  public static void init(Configuration conf) {
    QualityOfProtection saslQOP = QualityOfProtection.AUTHENTICATION;
    String rpcProtection = conf.get("hadoop.rpc.protection",
        QualityOfProtection.AUTHENTICATION.name().toLowerCase());
    if (QualityOfProtection.INTEGRITY.name().toLowerCase()
        .equals(rpcProtection)) {
      saslQOP = QualityOfProtection.INTEGRITY;
    } else if (QualityOfProtection.PRIVACY.name().toLowerCase().equals(
        rpcProtection)) {
      saslQOP = QualityOfProtection.PRIVACY;
    }
    
    SASL_PROPS.put(Sasl.QOP, saslQOP.getSaslQop());
    SASL_PROPS.put(Sasl.SERVER_AUTH, "true");
  }
{code}

I believe {{hadoop.rpc.protection}} configuration shouldn't dictate what QoP 
hive server 2 would use. The QoP of Hive Server 2 should rather be exposed via 
a new Hive Server 2 specific setting. That way either can change independent of 
each other.

                
> Enable QOP configuration for Hive Server 2 thrift transport
> -----------------------------------------------------------
>
>                 Key: HIVE-4911
>                 URL: https://issues.apache.org/jira/browse/HIVE-4911
>             Project: Hive
>          Issue Type: New Feature
>            Reporter: Arup Malakar
>            Assignee: Arup Malakar
>         Attachments: HIVE-4911-trunk-0.patch
>
>
> The QoP for hive server 2 should be configurable to enable encryption. A new 
> configuration should be exposed "hive.server2.thrift.rpc.protection". This 
> would give greater control configuring hive server 2 service.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to