[ 
https://issues.apache.org/jira/browse/HIVE-18541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16358172#comment-16358172
 ] 

Oleksiy Sayankin commented on HIVE-18541:
-----------------------------------------

[~szehon] from review board:

{code}
HIVE_SERVER2_WEBUI_PAM_AUTHENTICATOR("hive.server2.webui.pam.authenticator",
{code}

{quote}
What do you think if we do not expose this as configurable?  It adds complexity 
and a bit of security vulnerability if we do this.
{quote}

Could you please explain what type of security vulnerability do you see here? 
Though I removed hive.server2.webui.pam.authenticator but let's discuss it in 
more details. I agree that it adds complexity (I use reflaction to upload class 
for PAM authentication), but what about vulnerability? Any thoughts?


> Secure HS2 web UI with PAM
> --------------------------
>
>                 Key: HIVE-18541
>                 URL: https://issues.apache.org/jira/browse/HIVE-18541
>             Project: Hive
>          Issue Type: Sub-task
>          Components: HiveServer2
>            Reporter: Oleksiy Sayankin
>            Assignee: Oleksiy Sayankin
>            Priority: Major
>             Fix For: 3.0.0
>
>         Attachments: HIVE-18541.1.patch, HIVE-18541.2.patch, 
> HIVE-18541.5.patch
>
>
> Secure HS2 web UI with PAM. Add two new properties
>  * hive.server2.webui.use.pam
>  * Default value: false
>  * Description: If true, the HiveServer2 WebUI will be secured with PAM
>  * hive.server2.webui.pam.authenticator
>  * Default value: org.apache.hive.http.security.PamAuthenticator
>  * Description: Class for PAM authentication



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to