ShreyeshArangath opened a new issue, #3145:
URL: https://github.com/apache/iceberg-python/issues/3145
### Feature Request / Improvement
## Summary
PyIceberg's HiveCatalog supports Kerberos (GSSAPI) authentication via
`hive.kerberos-authentication`, but does not support DIGEST-MD5 SASL
authentication with Hadoop delegation tokens. In many production Hadoop
environments, pods/containers authenticate to HMS using delegation tokens (read
from `$HADOOP_TOKEN_FILE_LOCATION`) rather than Kerberos keytabs. This means
PyIceberg's Hive catalog cannot be used in these environments without building
a custom client.
## Proposed Enhancement
Extend `_HiveClient` to support DIGEST-MD5 delegation token auth:
1. Add a new config property (e.g.
`hive.metastore.authentication=DIGEST-MD5`)
2. When DIGEST-MD5 is configured, read credentials from
`$HADOOP_TOKEN_FILE_LOCATION` (Hadoop Writable credentials format)
3. Use `TSaslClientTransport` with mechanism=DIGEST-MD5 and the extracted
token identifier/password
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
