> On 2011-12-16 10:03:39, Thomas wrote: > > Instead of introducing set_ugi into the metastore thrift interface, could > > this not be solved through SASL (looks like a prime use case for SASL)? > > > > Have the server request transmission of ugi when configured to do so and > > the client react accordingly. Similar to how delegation token is > > transmitted (SaslClientCallbackHandler).
I am not sure, how SASL could be used to solve this problem. Furthermore, even if it does it will require lock-step upgrade of *all* clients, which is not desirable, whereas current approach doesn't have this drawback. - Ashutosh ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2975/#review3947 ----------------------------------------------------------- On 2011-12-03 00:07:25, Ashutosh Chauhan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/2975/ > ----------------------------------------------------------- > > (Updated 2011-12-03 00:07:25) > > > Review request for hive. > > > Summary > ------- > > Pass user identity in metastore connection in unsecure mode > > > This addresses bug HIVE-2616. > https://issues.apache.org/jira/browse/HIVE-2616 > > > Diffs > ----- > > trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1209772 > trunk/metastore/if/hive_metastore.thrift 1209772 > trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1209772 > trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1209772 > > trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp > 1209772 > > trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java > 1209772 > > trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php > 1209772 > > trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote > 1209772 > trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py > 1209772 > trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1209772 > > trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java > 1209772 > > trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java > 1209772 > > trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java > PRE-CREATION > trunk/shims/ivy.xml 1209772 > trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java > 1209772 > trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java > 1209772 > > trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java > 1209772 > > trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/TUGIAssumingTransport.java > PRE-CREATION > trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java > 1209772 > > trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java > 1209772 > > trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java > PRE-CREATION > > trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java > PRE-CREATION > > Diff: https://reviews.apache.org/r/2975/diff > > > Testing > ------- > > All the tests in metastore dir passes. Manually tested that file on hdfs is > owned by user running the client and not by user running metastore server. > > > Thanks, > > Ashutosh > >
