hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aihua Xu (JIRA)" <>
Subject [jira] [Commented] (HIVE-12688) HIVE-11826 makes hive unusable in properly secured cluster
Date Wed, 16 Dec 2015 21:44:47 GMT


Aihua Xu commented on HIVE-12688:

I'm not able to work on that until next week. So please revert it and I will try to provide
better approach for that.

So agree with your approach. 

Sent from my iPhone

> HIVE-11826 makes hive unusable in properly secured cluster
> ----------------------------------------------------------
>                 Key: HIVE-12688
>                 URL:
>             Project: Hive
>          Issue Type: Bug
>    Affects Versions: 1.3.0, 2.0.0
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>            Priority: Blocker
>         Attachments: HIVE-12688.1.patch
> HIVE-11826 makes a change to restrict connections to metastore to users who belong to
groups under 'hadoop.proxyuser.hive.groups'.
> That property was only a meant to be a hadoop property, which controls what users the
hive user can impersonate. What this change is doing is to enable use of that to also restrict
who can connect to metastore server. This is new functionality, not a bug fix. There is value
to this functionality.
> However, this change makes hive unusable in a properly secured cluster. If 'hadoop.proxyuser.hive.hosts'
is set to the proper set of hosts that run Metastore and Hiveserver2 (instead of a very open
"*"), then users will be able to connect to metastore only from those hosts.

This message was sent by Atlassian JIRA

View raw message