[
https://issues.apache.org/jira/browse/HIVE-10115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mubashir Kazia updated HIVE-10115:
----------------------------------
Attachment: HIVE-10115.0.patch
Patch is against trunk.
The patch keeps Kerberos and token authentication when LDAP, PAM or Custom
authentication is enabled.
> HS2 running on a Kerberized cluster should offer Kerberos(GSSAPI) and
> Delegation token(DIGEST) when alternate authentication is enabled
> ---------------------------------------------------------------------------------------------------------------------------------------
>
> Key: HIVE-10115
> URL: https://issues.apache.org/jira/browse/HIVE-10115
> Project: Hive
> Issue Type: Improvement
> Components: Authentication
> Affects Versions: 1.0.0
> Reporter: Mubashir Kazia
> Labels: patch
> Fix For: 1.1.0
>
> Attachments: HIVE-10115.0.patch
>
>
> In a Kerberized cluster when alternate authentication is enabled on HS2, it
> should also accept Kerberos Authentication. The reason this is important is
> because when we enable LDAP authentication HS2 stops accepting delegation
> token authentication. So we are forced to enter username passwords in the
> oozie configuration.
> The whole idea of SASL is that multiple authentication mechanism can be
> offered. If we disable Kerberos(GSSAPI) and delegation token (DIGEST)
> authentication when we enable LDAP authentication, this defeats SASL purpose.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
