Szehon Ho commented on HIVE-18541:

Hi, I am sorry for the late reply.  I am mostly ok with the latest patch, 
although I would rather not allow a configuration where PAM is enabled but not 
HTTPS as its not recommended (exit versus throw a warning).  Would you have an 
issue with this?

As for the pluggable PAM Authenticator, it is just adding complexity to Hive I 
did not see is necessary, it seems like it could be a core piece of security so 
I did not see any need to make it pluggable other than the version reviewed and 
maintained by community.  Was there another motivation other than just enable 
unit test?  (It seems now you found a way to test without opening this as 


Thanks again for the patch

> Secure HS2 web UI with PAM
> --------------------------
>                 Key: HIVE-18541
>                 URL: https://issues.apache.org/jira/browse/HIVE-18541
>             Project: Hive
>          Issue Type: Sub-task
>          Components: HiveServer2
>            Reporter: Oleksiy Sayankin
>            Assignee: Oleksiy Sayankin
>            Priority: Major
>             Fix For: 3.0.0
>         Attachments: HIVE-18541.1.patch, HIVE-18541.2.patch, 
> HIVE-18541.5.patch
> Secure HS2 web UI with PAM. Add two new properties
>  * hive.server2.webui.use.pam
>  * Default value: false
>  * Description: If true, the HiveServer2 WebUI will be secured with PAM
>  * hive.server2.webui.pam.authenticator
>  * Default value: org.apache.hive.http.security.PamAuthenticator
>  * Description: Class for PAM authentication

This message was sent by Atlassian JIRA

Reply via email to