[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

jirapos...@reviews.apache.org (Commented) (JIRA) Fri, 16 Dec 2011 18:33:05 -0800

    [ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13171419#comment-13171419
 ]

jirapos...@reviews.apache.org commented on HIVE-2616:
-----------------------------------------------------

bq.  On 2011-12-16 10:03:39, Thomas wrote:
bq.  > Instead of introducing set_ugi into the metastore thrift interface, 
could this not be solved through SASL (looks like a prime use case for SASL)? 
bq.  > 
bq.  > Have the server request transmission of ugi when configured to do so and 
the client react accordingly. Similar to how delegation token is transmitted 
(SaslClientCallbackHandler).

I am not sure, how SASL could be used to solve this problem. Furthermore, even 
if it does it will require lock-step upgrade of *all* clients, which is not 
desirable, whereas current approach doesn't have this drawback. 

- Ashutosh

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/#review3947
-----------------------------------------------------------

On 2011-12-03 00:07:25, Ashutosh Chauhan wrote:
bq.  
bq.  -----------------------------------------------------------
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/2975/
bq.  -----------------------------------------------------------
bq.  
bq.  (Updated 2011-12-03 00:07:25)
bq.  
bq.  
bq.  Review request for hive.
bq.  
bq.  
bq.  Summary
bq.  -------
bq.  
bq.  Pass user identity in metastore connection in unsecure mode
bq.  
bq.  
bq.  This addresses bug HIVE-2616.
bq.      https://issues.apache.org/jira/browse/HIVE-2616
bq.  
bq.  
bq.  Diffs
bq.  -----
bq.  
bq.    trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1209772 
bq.    trunk/metastore/if/hive_metastore.thrift 1209772 
bq.    trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1209772 
bq.    trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1209772 
bq.    
trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp 
1209772 
bq.    
trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
 1209772 
bq.    
trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php 
1209772 
bq.    
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 
1209772 
bq.    
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py 
1209772 
bq.    trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1209772 
bq.    
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 
1209772 
bq.    
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
 1209772 
bq.    
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
 PRE-CREATION 
bq.    trunk/shims/ivy.xml 1209772 
bq.    
trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 
1209772 
bq.    
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 
1209772 
bq.    
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
 1209772 
bq.    
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/TUGIAssumingTransport.java
 PRE-CREATION 
bq.    
trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java 
1209772 
bq.    
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java
 1209772 
bq.    
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java 
PRE-CREATION 
bq.    
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java
 PRE-CREATION 
bq.  
bq.  Diff: https://reviews.apache.org/r/2975/diff
bq.  
bq.  
bq.  Testing
bq.  -------
bq.  
bq.  All the tests in metastore dir passes. Manually tested that file on hdfs 
is owned by user running the client and not by user running metastore server.
bq.  
bq.  
bq.  Thanks,
bq.  
bq.  Ashutosh
bq.  
bq.

> Passing user identity from metastore client to server in non-secure mode
> ------------------------------------------------------------------------
>
>                 Key: HIVE-2616
>                 URL: https://issues.apache.org/jira/browse/HIVE-2616
>             Project: Hive
>          Issue Type: Bug
>          Components: Metastore
>            Reporter: Ashutosh Chauhan
>            Assignee: Ashutosh Chauhan
>         Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch
>
>
> Currently in unsecure mode client don't pass on user identity. As a result 
> hdfs and other operations done by server gets executed by user running 
> metastore process instead of being done in context of client. This results in 
> problem as reported here: 
> http://mail-archives.apache.org/mod_mbox/hive-user/201111.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

Reply via email to