[
https://issues.apache.org/jira/browse/HIVE-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carl Steinbach updated HIVE-1696:
---------------------------------
Component/s: Authentication
> Add delegation token support to metastore
> -----------------------------------------
>
> Key: HIVE-1696
> URL: https://issues.apache.org/jira/browse/HIVE-1696
> Project: Hive
> Issue Type: Sub-task
> Components: Authentication, Metastore, Security, Server
> Infrastructure
> Reporter: Todd Lipcon
> Assignee: Devaraj Das
> Fix For: 0.7.0
>
> Attachments: hive-1696-1-with-gen-code.patch, hive-1696-1.patch,
> hive-1696-3-with-gen-code.patch, hive-1696-3.patch,
> hive-1696-4-with-gen-code.1.patch, hive-1696-4-with-gen-code.patch,
> hive-1696-4.patch, hive-1696-4.patch, hive_1696.patch, hive_1696.patch,
> hive_1696_no-thrift.patch
>
>
> As discussed in HIVE-842, kerberos authentication is only sufficient for
> authentication of a hive user client to the metastore. There are other cases
> where thrift calls need to be authenticated when the caller is running in an
> environment without kerberos credentials. For example, an MR task running as
> part of a hive job may want to report statistics to the metastore, or a job
> may be running within the context of Oozie or Hive Server.
> This JIRA is to implement support of delegation tokens for the metastore. The
> concept of a delegation token is borrowed from the Hadoop security design -
> the quick summary is that a kerberos-authenticated client may retrieve a
> binary token from the server. This token can then be passed to other clients
> which can use it to achieve authentication as the original user in lieu of a
> kerberos ticket.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
