This is a very good catch! We used to set it in the connection to HS2 but we need to do it at the Thrift level indeed. I spent some time looking, it seems safe for 5.1 even if a bit scary. Agreed too?
No very clean way to do, but seems to be the best compromise!
hum, I think we should no send the passord in clear in the logs ;) remove? I can do it
Review Request #4472 - Created June 26, 2014 and submitted
|abec, enricoberti, romain|
When you setup Hue to auth against HS2 with Ldap, it doesn't work. If you set "ldap_password", Hue still never sends the password over. So it fails. I had to move the LDAP_PASSWORD.get() to the get_security() method in apps/beeswax/src/beeswax/server/hive_server2_lib.py and make some thrift changes to actually send the password.
Tested without Ldap enabled in HS2 to make sure PLAIN auth worked. Tested with HS2 ldap. Tested with HS2 Ldap and Sentry. Tested with Kerberos to make sure I didn't break anything.
Fixed your comments:-). Didn't realize that was a log entry:-D
Revision 2 (+21 -8)