Oleksiy Sayankin commented on HIVE-18541:

Well that's not a problem to throw an exception here instead of {{LOG.warn()}}

            if (!hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_USE_SSL)) {
              String hiveServer2PamServices = 
              if (hiveServer2PamServices == null || 
hiveServer2PamServices.isEmpty()) {
                throw new 
IllegalArgumentException(ConfVars.HIVE_SERVER2_PAM_SERVICES.varname + " is not 
              LOG.warn(ConfVars.HIVE_SERVER2_WEBUI_USE_SSL.varname + " has 
false value. It is recommended to set to true when PAM is used.");

But I real problems are in {{TestHS2HttpServerPam}} after that. Whatever I 
tried to make the test to work with https instead http did not helped me. Code 
works on real cluster with https, I can see that with {{tcpdump}}, but not in 
the test.  I changed http to https here

String baseURL = "http://"; + host + ":" + webUIPort + "/stacks";

and generate KeyStore in this manner

KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

char[] password = "some password".toCharArray();
ks.load(null, password);

// Store away the keystore.
FileOutputStream fos = new FileOutputStream("newKeyStoreFileName");
ks.store(fos, password);

but nothing. It does not work. So I have to put {{LOG.warn()}} instead of 
throwing an exception.

> Secure HS2 web UI with PAM
> --------------------------
>                 Key: HIVE-18541
>                 URL: https://issues.apache.org/jira/browse/HIVE-18541
>             Project: Hive
>          Issue Type: Sub-task
>          Components: HiveServer2
>            Reporter: Oleksiy Sayankin
>            Assignee: Oleksiy Sayankin
>            Priority: Major
>             Fix For: 3.0.0
>         Attachments: HIVE-18541.1.patch, HIVE-18541.2.patch, 
> HIVE-18541.5.patch
> Secure HS2 web UI with PAM. Add two new properties
>  * hive.server2.webui.use.pam
>  * Default value: false
>  * Description: If true, the HiveServer2 WebUI will be secured with PAM
>  * hive.server2.webui.pam.authenticator
>  * Default value: org.apache.hive.http.security.PamAuthenticator
>  * Description: Class for PAM authentication

This message was sent by Atlassian JIRA

Reply via email to