[
https://issues.apache.org/jira/browse/HIVE-18541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16358172#comment-16358172
]
Oleksiy Sayankin commented on HIVE-18541:
-----------------------------------------
[~szehon] from review board:
{code}
HIVE_SERVER2_WEBUI_PAM_AUTHENTICATOR("hive.server2.webui.pam.authenticator",
{code}
{quote}
What do you think if we do not expose this as configurable? It adds complexity
and a bit of security vulnerability if we do this.
{quote}
Could you please explain what type of security vulnerability do you see here?
Though I removed hive.server2.webui.pam.authenticator but let's discuss it in
more details. I agree that it adds complexity (I use reflaction to upload class
for PAM authentication), but what about vulnerability? Any thoughts?
> Secure HS2 web UI with PAM
> --------------------------
>
> Key: HIVE-18541
> URL: https://issues.apache.org/jira/browse/HIVE-18541
> Project: Hive
> Issue Type: Sub-task
> Components: HiveServer2
> Reporter: Oleksiy Sayankin
> Assignee: Oleksiy Sayankin
> Priority: Major
> Fix For: 3.0.0
>
> Attachments: HIVE-18541.1.patch, HIVE-18541.2.patch,
> HIVE-18541.5.patch
>
>
> Secure HS2 web UI with PAM. Add two new properties
> * hive.server2.webui.use.pam
> * Default value: false
> * Description: If true, the HiveServer2 WebUI will be secured with PAM
> * hive.server2.webui.pam.authenticator
> * Default value: org.apache.hive.http.security.PamAuthenticator
> * Description: Class for PAM authentication
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
