[jira] [Commented] (HIVE-18541) Secure HS2 web UI with PAM

Wed, 14 Feb 2018 09:45:36 -0800 

    [ 
https://issues.apache.org/jira/browse/HIVE-18541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16364499#comment-16364499
 ] 

Oleksiy Sayankin commented on HIVE-18541:
-----------------------------------------

Well that's not a problem to throw an exception here instead of {{LOG.warn()}}

{code}
            if (!hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_USE_SSL)) {
              String hiveServer2PamServices = 
hiveConf.getVar(ConfVars.HIVE_SERVER2_PAM_SERVICES);
              if (hiveServer2PamServices == null || 
hiveServer2PamServices.isEmpty()) {
                throw new 
IllegalArgumentException(ConfVars.HIVE_SERVER2_PAM_SERVICES.varname + " is not 
configured.");
              }
              LOG.warn(ConfVars.HIVE_SERVER2_WEBUI_USE_SSL.varname + " has 
false value. It is recommended to set to true when PAM is used.");
{code}

But I real problems are in {{TestHS2HttpServerPam}} after that. Whatever I 
tried to make the test to work with https instead http did not helped me. Code 
works on real cluster with https, I can see that with {{tcpdump}}, but not in 
the test.  I changed http to https here

{code}
String baseURL = "http://"; + host + ":" + webUIPort + "/stacks";
{code}

and generate KeyStore in this manner

{code}
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

char[] password = "some password".toCharArray();
ks.load(null, password);

// Store away the keystore.
FileOutputStream fos = new FileOutputStream("newKeyStoreFileName");
ks.store(fos, password);
fos.close();
{code}

but nothing. It does not work. So I have to put {{LOG.warn()}} instead of 
throwing an exception.

> Secure HS2 web UI with PAM
> --------------------------
>
>                 Key: HIVE-18541
>                 URL: https://issues.apache.org/jira/browse/HIVE-18541
>             Project: Hive
>          Issue Type: Sub-task
>          Components: HiveServer2
>            Reporter: Oleksiy Sayankin
>            Assignee: Oleksiy Sayankin
>            Priority: Major
>             Fix For: 3.0.0
>
>         Attachments: HIVE-18541.1.patch, HIVE-18541.2.patch, 
> HIVE-18541.5.patch
>
>
> Secure HS2 web UI with PAM. Add two new properties
>  * hive.server2.webui.use.pam
>  * Default value: false
>  * Description: If true, the HiveServer2 WebUI will be secured with PAM
>  * hive.server2.webui.pam.authenticator
>  * Default value: org.apache.hive.http.security.PamAuthenticator
>  * Description: Class for PAM authentication



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to