[
https://issues.apache.org/jira/browse/HIVE-4984?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thejas M Nair updated HIVE-4984:
--------------------------------
Component/s: Security
> hive metastore should not re-use hadoop proxy configuration
> -----------------------------------------------------------
>
> Key: HIVE-4984
> URL: https://issues.apache.org/jira/browse/HIVE-4984
> Project: Hive
> Issue Type: Bug
> Components: Metastore, Security
> Affects Versions: 0.12.0
> Reporter: Thejas M Nair
>
> Hive metastore supports proxyuser/doas functionality like hadoop [1].
> Metastore allows anybody who has proxyuser privileges in core-site.xml, to be
> a metastore proxy user.
> This is a bad from a security perspective, because when a user is made proxy
> user for hadoop, it gets automatic privilege as proxy user for metastore as
> well.
> The more secure approach is to use metastore specific config parameters, like
> what oozie does. [2]
> [1] http://hadoop.apache.org/docs/stable/Secure_Impersonation.html
> [2]
> http://oozie.apache.org/docs/3.2.0-incubating/AG_Install.html#User_ProxyUser_Configuration
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
