[
https://issues.apache.org/jira/browse/HIVE-22267?focusedWorklogId=323235&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-323235
]
ASF GitHub Bot logged work on HIVE-22267:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 04/Oct/19 06:44
Start Date: 04/Oct/19 06:44
Worklog Time Spent: 10m
Work Description: ashutosh-bapat commented on pull request #793:
HIVE-22267 : Support password based authentication for HMS along-side kerberos
authentication.
URL: https://github.com/apache/hive/pull/793#discussion_r331359501
##########
File path:
standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/conf/MetastoreConf.java
##########
@@ -1039,8 +1136,27 @@ public static ConfVars getMetaConf(String name) {
"More users can be added in ADMIN role later."),
USE_SSL("metastore.use.SSL", "hive.metastore.use.SSL", false,
"Set this to true for using SSL encryption in HMS server."),
+ // We should somehow unify next two options.
USE_THRIFT_SASL("metastore.sasl.enabled", "hive.metastore.sasl.enabled",
false,
"If true, the metastore Thrift interface will be secured with SASL.
Clients must authenticate with Kerberos."),
+ METASTORE_CLIENT_USE_PLAIN_AUTH("metastore.client.use.plain.auth",
+ "metastore.client.use.plain.auth", false,
+ "If true, clients will authenticate using plain authentication, by
providing username" +
+ " and password."),
+ METASTORE_CLIENT_PLAIN_USERNAME("metastore.client.plain.username",
+ "metastore.client.plain.username", "",
+ "The username used by the metastore client when " +
+ METASTORE_CLIENT_USE_PLAIN_AUTH + " is true. The password
is obtained from " +
+ CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH + "
using username as the " +
+ "alias."),
+ THRIFT_AUTH_CONFIG_USERNAME("metastore.authentication.config.username",
Review comment:
The first one is client side config. It will be used whenever there's PLAIN
authentication. That specifies what username to provide to the server.
The other is server side and used only when CONFIG authentication is used.
It's the username that will be matched against the username provided by the
client.
They can't be combined.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 323235)
Time Spent: 1h 40m (was: 1.5h)
> Support password based authentication in HMS
> --------------------------------------------
>
> Key: HIVE-22267
> URL: https://issues.apache.org/jira/browse/HIVE-22267
> Project: Hive
> Issue Type: New Feature
> Reporter: Ashutosh Bapat
> Assignee: Ashutosh Bapat
> Priority: Major
> Labels: pull-request-available
> Attachments: HIVE-22267.00.patch, HIVE-22267.01.patch,
> HIVE-22267.02.patch, HIVE-22267.03.patch, HIVE-22267.04.patch,
> HIVE-22267.05.patch, HIVE-22267.06.patch, HIVE-22267.07.patch,
> HIVE-22267.08.patch
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> Similar to HS2, support password based authentication in HMS.
> Right now we provide LDAP and CONFIG based options. The later allows to set
> user and password in config and is used only for testing.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
