Can hue be configured to connect to PAM enabled hive server?

Document created by najmuddin_chirammal Employee on Feb 7, 2016
Version 1Show Document
  • View in full screen mode

Author: Najmuddin Chirammal

 

Original Publication Date: May 18, 2015

 

Issue

  • Is it possible to configure hue to connect to a PAM enabled hive server?

Environment

  • mapr-hiveserver2 ( 1.0 or earlier  )
  • mapr-hue ( 3.7 on earlier. Newer versions may or may not have a change in this behaviour in future )

Resolution

As of versions mentioned above or earlier of hue and hiveserver2, hue can be configured to use secure hive only if both components use kerberos for authentication,and not if the hive server requires PAM authentication. This is true even if hue itself authenticates users via PAM.

Root Cause

Applications that use PAM for authentication contact the PAM layer of the operating system and pass the user credentials to the PAM stack as supplied to it, to authenticate the user. Based on the validity of the credentials, it either gets back a SUCCESS or a FAILURE response. Accordingly the application uses the response to allow or deny user access to it. But since the application does not retain the credentials in it's memory or storage after the authentication, it cannot reuse it for another service which requires PAM authentication. This applies to the case of Hue here, where it does not store it's credentials to be used later to pass it for Hiveserver2 authentication.

 

Attachments

    Outcomes