[ https://issues.apache.org/jira/browse/HIVE-18541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16358172#comment-16358172 ]
Oleksiy Sayankin commented on HIVE-18541: ----------------------------------------- [~szehon] from review board: {code} HIVE_SERVER2_WEBUI_PAM_AUTHENTICATOR("hive.server2.webui.pam.authenticator", {code} {quote} What do you think if we do not expose this as configurable? It adds complexity and a bit of security vulnerability if we do this. {quote} Could you please explain what type of security vulnerability do you see here? Though I removed hive.server2.webui.pam.authenticator but let's discuss it in more details. I agree that it adds complexity (I use reflaction to upload class for PAM authentication), but what about vulnerability? Any thoughts? > Secure HS2 web UI with PAM > -------------------------- > > Key: HIVE-18541 > URL: https://issues.apache.org/jira/browse/HIVE-18541 > Project: Hive > Issue Type: Sub-task > Components: HiveServer2 > Reporter: Oleksiy Sayankin > Assignee: Oleksiy Sayankin > Priority: Major > Fix For: 3.0.0 > > Attachments: HIVE-18541.1.patch, HIVE-18541.2.patch, > HIVE-18541.5.patch > > > Secure HS2 web UI with PAM. Add two new properties > * hive.server2.webui.use.pam > * Default value: false > * Description: If true, the HiveServer2 WebUI will be secured with PAM > * hive.server2.webui.pam.authenticator > * Default value: org.apache.hive.http.security.PamAuthenticator > * Description: Class for PAM authentication -- This message was sent by Atlassian JIRA (v7.6.3#76005)