Hive Metastore supports Kerberos authentication for Thrift clients only. HiveServer does not support Kerberos authentication for any clients.
Edit the HIVE_CONF_DIR/hive-site.xml file on your Hive Metastore host machine to modify the following properties:
<property>
  <name>hive.metastore.sasl.enabled</name>
  <value>true</value>
  <description>If true, the metastore thrift interface will be secured with SASL. Clients must authenticate with Kerberos.</description>
</property>
<property>
  <name>hive.metastore.kerberos.keytab.file</name>
  <value>/etc/security/keytabs/hive.service.keytab</value>
  <description>The path to the Kerberos Keytab file containing the metastore thrift server's service principal.</description>
</property>
<property>
  <name>hive.metastore.kerberos.principal</name>
  <value>hive/_HOST@EXAMPLE.COM</value>
  <description>The service principal for the metastore thrift server. The special string _HOST will be replaced automatically with the correct hostname.</description>
</property>
<property>
  <name>hive.server2.authentication</name>
  <value>KERBEROS</value>
  <description>Authentication type</description>
</property>
<property>
  <name>hive.server2.authentication.kerberos.principal</name>
  <value>hive/_HOST@EXAMPLE.COM</value>
  <description>The service principal for the HiveServer2. If _HOST is used as the hostname portion, it will be replaced with the actual hostname of the running instance.</description>
</property>
<property>
  <name>hive.server2.authentication.kerberos.keytab</name>
  <value>/etc/security/keytabs/hive.service.keytab</value>
  <description>The keytab for the HiveServer2 service principal</description>
</property>
where HIVE_CONF_DIR is the directory to store the Hive configuration files. For example, /etc/hive/conf.
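A configuration check for the properties above, added here as an example and not part of the original documentation: it parses a hive-site.xml document and reports any of the six Kerberos properties that is missing, set to the wrong value, or carries a principal not shaped as service/host@REALM. The function name audit_hive_site, the principal pattern, the case-insensitive value comparison and the embedded sample are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Properties set on this page; None means "any non-empty value is accepted".
REQUIRED = {
    "hive.metastore.sasl.enabled": "true",
    "hive.metastore.kerberos.keytab.file": None,
    "hive.metastore.kerberos.principal": None,
    "hive.server2.authentication": "KERBEROS",
    "hive.server2.authentication.kerberos.principal": None,
    "hive.server2.authentication.kerberos.keytab": None,
}
# Assumed shape for a service principal: service/host@REALM (host may be _HOST).
PRINCIPAL_RE = re.compile(r"^[^/@\s]+/[^/@\s]+@[^/@\s]+$")

def audit_hive_site(xml_text):
    """Return a sorted list of findings for a hive-site.xml document."""
    root = ET.fromstring(xml_text)
    props = {}
    for p in root.iter("property"):
        props[(p.findtext("name") or "").strip()] = (p.findtext("value") or "").strip()
    findings = []
    for name, expected in REQUIRED.items():
        value = props.get(name)
        if not value:
            findings.append(f"{name}: missing or empty")
        elif expected and value.lower() != expected.lower():  # assumption: case-insensitive
            findings.append(f"{name}: is {value!r}, expected {expected!r}")
        elif name.endswith("principal") and not PRINCIPAL_RE.match(value):
            findings.append(f"{name}: {value!r} is not service/host@REALM")
    return sorted(findings)

# Constructed sample: SASL left off, a principal without a realm, HiveServer2 keytab absent.
SAMPLE = """<configuration>
  <property><name>hive.metastore.sasl.enabled</name><value>false</value></property>
  <property><name>hive.metastore.kerberos.keytab.file</name><value>/etc/security/keytabs/hive.service.keytab</value></property>
  <property><name>hive.metastore.kerberos.principal</name><value>hive/_HOST</value></property>
  <property><name>hive.server2.authentication</name><value>KERBEROS</value></property>
  <property><name>hive.server2.authentication.kerberos.principal</name><value>hive/_HOST@EXAMPLE.COM</value></property>
</configuration>"""

if __name__ == "__main__":
    for finding in audit_hive_site(SAMPLE):
        print(finding)
```

The check covers the file contents only; ownership and permissions of the keytab files it names are outside what it inspects.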