[
https://issues.apache.org/jira/browse/HIVE-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12914408#action_12914408
]
Venkatesh S commented on HIVE-842:
----------------------------------
> Should the metastore always take HDFS actions as the user making the RPC?
Yes, metastore will run as a super-user (Hadoop proxy user) enabling DO AS
operations and impersonate the target user while accessing data on HDFS.
> If we see that Hadoop Security is enabled, should we enable SASL on the
> metastore thrift server by default?
I'd think so.
> should there be an option whereby the metastore uses a keytab to authenticate
> to HDFS, but doesn't require users to authenticate to it?
Wouldn't this leave a hole as it currently exists?
> Authentication Infrastructure for Hive
> --------------------------------------
>
> Key: HIVE-842
> URL: https://issues.apache.org/jira/browse/HIVE-842
> Project: Hadoop Hive
> Issue Type: New Feature
> Components: Server Infrastructure
> Reporter: Edward Capriolo
> Assignee: Todd Lipcon
> Attachments: HiveSecurityThoughts.pdf
>
>
> This issue deals with the authentication (user name,password) infrastructure.
> Not the authorization components that specify what a user should be able to
> do.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
