> > some connections might be not able to connect to HS2? > Not sure what you mean by "some connections". HTTP mode works for JDBC/ODBC. There are 2 modes HTTP and binary. Both are thrift it just is a different protocol. Knox only works with HTTP. Existing binary connections (which are on a different port typically) will not work but there is usually a slightly different way to connect over HTTP. This is probably a better question for the Hive project.
> Would a user be able to bypass Knox by using an old Hive CLI (no beeline > based) even if HS2 is using the latest Hive version with Hive CLI wrapping > beeline? > If the user has a Kerberos ticket then they would be able to connect I think. It is more of a question for the Hive project though. Knox can't enforce access outside of it. Kevin Risden On Wed, Mar 20, 2019 at 7:10 AM Odon Copon <odonco...@gmail.com> wrote: > Thanks Kevin. > When you said "Knox with Hive requires HiveServer2 in HTTP mode", does it > mean once this mode is activated some connections might be not able to > connect to HS2? > Would a user be able to bypass Knox by using an old Hive CLI (no beeline > based) even if HS2 is using the latest Hive version with Hive CLI wrapping > beeline? > > Thanks. > > On Wed, 13 Mar 2019 at 17:08, Kevin Risden <kris...@apache.org> wrote: > >> I'm not sure which version exactly but this is the umbrella jira tracking >> all the subtasks: >> >> https://issues.apache.org/jira/browse/HIVE-10511 >> >> Kevin Risden >> >> >> On Wed, Mar 13, 2019 at 1:04 PM Odon Copon <odonco...@gmail.com> wrote: >> >>> Amazing, thanks Kevin for the clarification. >>> Do you know exactly which version did the transition to beeline? >>> >>> On Wed, 13 Mar 2019 at 16:53, >>> Kevin Risden >>> <kris...@apache.org> wrote: >>> >>>> Knox with Hive requires HiveServer2 in HTTP mode. Hive CLI direct to >>>> metastore is not supported by Knox. Current versions of Hive as far as I >>>> know have Hive CLI wrapping beeline by default for SQL queries. >>>> >>>> Kevin Risden >>>> >>>> >>>> On Wed, Mar 13, 2019 at 12:49 PM Odon Copon <odonco...@gmail.com> >>>> wrote: >>>> >>>>> After reading Knox documentation I'm not totally sure how Knox can sit >>>>> in front of Hive accesses through JDBC/Beeline and Hive CLI. >>>>> From the docs, I see it does for JDBC connections so I assume it does >>>>> for Beeline as well, as both hit HiveServer2, but what about Hive CLI that >>>>> go directly to the Hive Metastore?. >>>>> Thanks. >>>>> >>>>
