[jira] [Updated] (HIVE-4911) Enable QOP configuration for Hive Server 2 thrift transport

Mon, 19 Aug 2013 12:54:56 -0700 

     [ 
https://issues.apache.org/jira/browse/HIVE-4911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Thejas M Nair updated HIVE-4911:
--------------------------------

    Release Note: 
This patch adds feature to enable enable integrity protection and 
confidentiality protection ( beyond just the default of authentication), for 
communication between hive jdbc driver and hive server2 . You can use SASL 
(http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer)  QOP 
property 
(http://docs.oracle.com/javase/7/docs/api/javax/security/sasl/Sasl.html#QOP) 
configure this.

- This is only when kerberos is used for the HS2 client (jdbc/odbc application) 
authentication with HS2.
- hive.server2.thrift.sasl.qop in hive site.xml has to be set to one of valid 
QOP values ('auth', 'auth-int' or 'auth-conf')
- specify sasl.qop in hive connection string sessionconf part of your jdbc hive 
connection string. eg jdbc:hive://hostname/dbname;sasl.qop=auth-int

This also adds SASL QOP protection for metastore client server communication. 
You can enable it using hadoop configuration paramter hadoop.rpc.protection.



Adding release notes.

                
> Enable QOP configuration for Hive Server 2 thrift transport
> -----------------------------------------------------------
>
>                 Key: HIVE-4911
>                 URL: https://issues.apache.org/jira/browse/HIVE-4911
>             Project: Hive
>          Issue Type: New Feature
>            Reporter: Arup Malakar
>            Assignee: Arup Malakar
>             Fix For: 0.12.0
>
>         Attachments: 20-build-temp-change-1.patch, 
> 20-build-temp-change.patch, HIVE-4911-trunk-0.patch, HIVE-4911-trunk-1.patch, 
> HIVE-4911-trunk-2.patch, HIVE-4911-trunk-3.patch
>
>
> The QoP for hive server 2 should be configurable to enable encryption. A new 
> configuration should be exposed "hive.server2.thrift.rpc.protection". This 
> would give greater control configuring hive server 2 service.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to