[ https://issues.apache.org/jira/browse/HIVE-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12914408#action_12914408 ]
Venkatesh S commented on HIVE-842: ---------------------------------- > Should the metastore always take HDFS actions as the user making the RPC? Yes, metastore will run as a super-user (Hadoop proxy user) enabling DO AS operations and impersonate the target user while accessing data on HDFS. > If we see that Hadoop Security is enabled, should we enable SASL on the > metastore thrift server by default? I'd think so. > should there be an option whereby the metastore uses a keytab to authenticate > to HDFS, but doesn't require users to authenticate to it? Wouldn't this leave a hole as it currently exists? > Authentication Infrastructure for Hive > -------------------------------------- > > Key: HIVE-842 > URL: https://issues.apache.org/jira/browse/HIVE-842 > Project: Hadoop Hive > Issue Type: New Feature > Components: Server Infrastructure > Reporter: Edward Capriolo > Assignee: Todd Lipcon > Attachments: HiveSecurityThoughts.pdf > > > This issue deals with the authentication (user name,password) infrastructure. > Not the authorization components that specify what a user should be able to > do. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.