Author: Najmuddin Chirammal
Original Publication Date: May 18, 2015
- Is it possible to configure hue to connect to a PAM enabled hive server?
- mapr-hiveserver2 ( 1.0 or earlier )
- mapr-hue ( 3.7 on earlier. Newer versions may or may not have a change in this behaviour in future )
As of versions mentioned above or earlier of hue and hiveserver2, hue can be configured to use secure hive only if both components use kerberos for authentication,and not if the hive server requires PAM authentication. This is true even if hue itself authenticates users via PAM.
Applications that use PAM for authentication contact the PAM layer of the operating system and pass the user credentials to the PAM stack as supplied to it, to authenticate the user. Based on the validity of the credentials, it either gets back a SUCCESS or a FAILURE response. Accordingly the application uses the response to allow or deny user access to it. But since the application does not retain the credentials in it's memory or storage after the authentication, it cannot reuse it for another service which requires PAM authentication. This applies to the case of Hue here, where it does not store it's credentials to be used later to pass it for Hiveserver2 authentication.