[jira] [Commented] (HIVE-6486) Support secure Subject.doAs() in HiveServer2 JDBC client.

Tue, 05 Aug 2014 19:10:26 -0700 

    [ 
https://issues.apache.org/jira/browse/HIVE-6486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14087122#comment-14087122
 ] 

Lefty Leverenz commented on HIVE-6486:
--------------------------------------

Okay, I added the line breaks and took the liberty of changing "});" near the 
end to "}};" -- if that change is correct, you should also change it in 
TestCase_HIVE-6486.java.

* [HiveServer2 Clients -- Using Kerberos with a Pre-Authenticated Subject | 
https://cwiki.apache.org/confluence/display/Hive/HiveServer2+Clients#HiveServer2Clients-UsingKerberoswithaPre-AuthenticatedSubject]
* [TestCase_HIVE-6486.java | 
https://issues.apache.org/jira/secure/attachment/12633984/TestCase_HIVE-6486.java]

Is the indentation appropriate?  It seems excessive and this part bothers me:

{code}
                       {
               public Object run()
               {
{code}

> Support secure Subject.doAs() in HiveServer2 JDBC client.
> ---------------------------------------------------------
>
>                 Key: HIVE-6486
>                 URL: https://issues.apache.org/jira/browse/HIVE-6486
>             Project: Hive
>          Issue Type: Improvement
>          Components: Authentication, HiveServer2, JDBC
>    Affects Versions: 0.11.0, 0.12.0
>            Reporter: Shivaraju Gowda
>            Assignee: Shivaraju Gowda
>             Fix For: 0.13.0
>
>         Attachments: HIVE-6486.1.patch, HIVE-6486.2.patch, HIVE-6486.3.patch, 
> HIVE-6486_Hive0.11.patch, TestCase_HIVE-6486.java
>
>
> HIVE-5155 addresses the problem of kerberos authentication in multi-user 
> middleware server using proxy user.  In this mode the principal used by the 
> middle ware server has privileges to impersonate selected users in 
> Hive/Hadoop. 
> This enhancement is to support Subject.doAs() authentication in  Hive JDBC 
> layer so that the end users Kerberos Subject is passed through in the middle 
> ware server. With this improvement there won't be any additional setup in the 
> server to grant proxy privileges to some users and there won't be need to 
> specify a proxy user in the JDBC client. This version should also be more 
> secure since it won't require principals with the privileges to impersonate 
> other users in Hive/Hadoop setup.
>  



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to