[
https://issues.apache.org/jira/browse/HIVE-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12972171#action_12972171
]
Devaraj Das commented on HIVE-1696:
-----------------------------------
Upon a bit more thought, it seems to me that we don't actually need the
DelegationTokenManager shim. Since the delegation token stuff is part of Hadoop
20S, we might as well merge these classes/methods in the 20S shim...
> Add delegation token support to metastore
> -----------------------------------------
>
> Key: HIVE-1696
> URL: https://issues.apache.org/jira/browse/HIVE-1696
> Project: Hive
> Issue Type: Sub-task
> Components: Metastore, Security, Server Infrastructure
> Reporter: Todd Lipcon
> Attachments: hive_1696.patch
>
>
> As discussed in HIVE-842, kerberos authentication is only sufficient for
> authentication of a hive user client to the metastore. There are other cases
> where thrift calls need to be authenticated when the caller is running in an
> environment without kerberos credentials. For example, an MR task running as
> part of a hive job may want to report statistics to the metastore, or a job
> may be running within the context of Oozie or Hive Server.
> This JIRA is to implement support of delegation tokens for the metastore. The
> concept of a delegation token is borrowed from the Hadoop security design -
> the quick summary is that a kerberos-authenticated client may retrieve a
> binary token from the server. This token can then be passed to other clients
> which can use it to achieve authentication as the original user in lieu of a
> kerberos ticket.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
