[
https://issues.apache.org/jira/browse/HIVE-6486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13915308#comment-13915308
]
Vaibhav Gumashta commented on HIVE-6486:
----------------------------------------
[~shivshi]: I've added some comments on the review board.
Just to clarify my understanding, when you say:
"Other than the use case in the Description of this issue, the attached patch
will also enhance Kerberos support in Hive JDBC driver by allowing the user to
programmatically login to the kerberos(i.e without a key tab or ticket cache,
etc.). Furthermore this is done without the dependency on the other component's
jars(hadoop-core*.jar)."
you mean cases where the client's Subject is already set up before issuing the
JDBC calls - right?
[~prasadm] [~thejas] you might want to take a look. Thanks!
> Support secure Subject.doAs() in HiveServer2 JDBC client.
> ---------------------------------------------------------
>
> Key: HIVE-6486
> URL: https://issues.apache.org/jira/browse/HIVE-6486
> Project: Hive
> Issue Type: Improvement
> Components: JDBC
> Affects Versions: 0.11.0, 0.12.0
> Reporter: Shivaraju Gowda
> Attachments: Hive_011_Support-Subject_doAS.patch,
> TestHive_SujectDoAs.java
>
>
> HIVE-5155 addresses the problem of kerberos authentication in multi-user
> middleware server using proxy user. In this mode the principal used by the
> middle ware server has privileges to impersonate selected users in
> Hive/Hadoop.
> This enhancement is to support Subject.doAs() authentication in Hive JDBC
> layer so that the end users Kerberos Subject is passed through in the middle
> ware server. With this improvement there won't be any additional setup in the
> server to grant proxy privileges to some users and there won't be need to
> specify a proxy user in the JDBC client. This version should also be more
> secure since it won't require principals with the privileges to impersonate
> other users in Hive/Hadoop setup.
>
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
