[
https://issues.apache.org/jira/browse/HIVE-11826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14804635#comment-14804635
]
Ashutosh Chauhan commented on HIVE-11826:
-----------------------------------------
Seems like even in 0.13
https://github.com/apache/hive/blob/ff80bddb86d7a7c4804bf388f8324056f6b1dae0/shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java#L612
we were not calling this. So, wondering how it worked then?
Also, this method is deprecated in favor of one without Configuration argument.
> 'hadoop.proxyuser.hive.groups' configuration doesn't prevent unauthorized
> user to access metastore
> --------------------------------------------------------------------------------------------------
>
> Key: HIVE-11826
> URL: https://issues.apache.org/jira/browse/HIVE-11826
> Project: Hive
> Issue Type: Bug
> Components: Metastore
> Affects Versions: 2.0.0
> Reporter: Aihua Xu
> Assignee: Aihua Xu
> Attachments: HIVE-11826.2.patch, HIVE-11826.patch
>
>
> With 'hadoop.proxyuser.hive.groups' configured in core-site.xml to certain
> groups, currently if you run the job with a user not belonging to those
> groups, it won't fail to access metastore. With old version hive 0.13,
> actually it fails properly.
> Seems HadoopThriftAuthBridge20S.java correctly call ProxyUsers.authorize()
> while HadoopThriftAuthBridge23 doesn't.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
