[
https://issues.apache.org/jira/browse/HIVE-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12983814#action_12983814
]
Devaraj Das commented on HIVE-1696:
-----------------------------------
For the record, I'd like to mention that Pradeep Kamath did a lot of initial
work on the patch. Thanks, Pradeep!
> Add delegation token support to metastore
> -----------------------------------------
>
> Key: HIVE-1696
> URL: https://issues.apache.org/jira/browse/HIVE-1696
> Project: Hive
> Issue Type: Sub-task
> Components: Metastore, Security, Server Infrastructure
> Reporter: Todd Lipcon
> Assignee: Devaraj Das
> Fix For: 0.7.0
>
> Attachments: hive-1696-1-with-gen-code.patch, hive-1696-1.patch,
> hive-1696-3-with-gen-code.patch, hive-1696-3.patch,
> hive-1696-4-with-gen-code.1.patch, hive-1696-4-with-gen-code.patch,
> hive-1696-4.patch, hive-1696-4.patch, hive_1696.patch, hive_1696.patch,
> hive_1696_no-thrift.patch
>
>
> As discussed in HIVE-842, kerberos authentication is only sufficient for
> authentication of a hive user client to the metastore. There are other cases
> where thrift calls need to be authenticated when the caller is running in an
> environment without kerberos credentials. For example, an MR task running as
> part of a hive job may want to report statistics to the metastore, or a job
> may be running within the context of Oozie or Hive Server.
> This JIRA is to implement support of delegation tokens for the metastore. The
> concept of a delegation token is borrowed from the Hadoop security design -
> the quick summary is that a kerberos-authenticated client may retrieve a
> binary token from the server. This token can then be passed to other clients
> which can use it to achieve authentication as the original user in lieu of a
> kerberos ticket.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
