Oleksiy Sayankin commented on HIVE-18541:

[~szehon] from review board:


What do you think if we do not expose this as configurable?  It adds complexity 
and a bit of security vulnerability if we do this.

Could you please explain what type of security vulnerability do you see here? 
Though I removed hive.server2.webui.pam.authenticator but let's discuss it in 
more details. I agree that it adds complexity (I use reflaction to upload class 
for PAM authentication), but what about vulnerability? Any thoughts?

> Secure HS2 web UI with PAM
> --------------------------
>                 Key: HIVE-18541
>                 URL: https://issues.apache.org/jira/browse/HIVE-18541
>             Project: Hive
>          Issue Type: Sub-task
>          Components: HiveServer2
>            Reporter: Oleksiy Sayankin
>            Assignee: Oleksiy Sayankin
>            Priority: Major
>             Fix For: 3.0.0
>         Attachments: HIVE-18541.1.patch, HIVE-18541.2.patch, 
> HIVE-18541.5.patch
> Secure HS2 web UI with PAM. Add two new properties
>  * hive.server2.webui.use.pam
>  * Default value: false
>  * Description: If true, the HiveServer2 WebUI will be secured with PAM
>  * hive.server2.webui.pam.authenticator
>  * Default value: org.apache.hive.http.security.PamAuthenticator
>  * Description: Class for PAM authentication

This message was sent by Atlassian JIRA

Reply via email to