[
https://issues.apache.org/jira/browse/HIVE-7175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14017823#comment-14017823
]
Larry McCay commented on HIVE-7175:
-----------------------------------
Hi [~rjustice] - we may want to consider the use of the CredentialProvider API
that will be committed soon.
See HADOOP-10607. This isn't mutually exclusive with the password file approach
as there are plans to fallback to existing password files in certain
components. However, the abstraction of the API is best realized through the
new Configuration.getPassword(String name) method. This will allow you to ask
for a configuration item that you know is a password and it will check for an
aliased credential based on the name through the CredentialProvider API. If the
name is not resolved into a credential from a provider then it falls back to
the config file.
The extra hop of the separate file isn't a problem but it isn't encapsulated by
the getPassword method going into Configuration.
Just something to keep in mind.
> Provide password file option to beeline
> ---------------------------------------
>
> Key: HIVE-7175
> URL: https://issues.apache.org/jira/browse/HIVE-7175
> Project: Hive
> Issue Type: Improvement
> Components: CLI, Clients
> Affects Versions: 0.13.0
> Reporter: Robert Justice
> Labels: features, security
>
> For people connecting to Hive Server 2 with LDAP authentication enabled, in
> order to batch run commands, we currently have to provide the password openly
> in the command line. They could use some expect scripting, but I think a
> valid improvement would be to provide a password file option similar to other
> CLI commands in hadoop (e.g. sqoop) to be more secure.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
