Beeline supports the following modes of operation:
Table 2.2. Beeline Modes of Operation
| Operating Mode | Description |
|---|---|
| Embedded | The Beeline client and the Hive installation both reside on the same host machine. No TCP connectivity is required. |
| Remote | Use remote mode to support multiple, concurrent clients executing queries against the same remote Hive installation. Remote transport mode supports authentication with LDAP and Kerberos. It also supports encryption with SSL. TCP connectivity is required. |
Administrators may start HiveServer2 in one of the following transport modes:
Table 2.3. HiveServer2 Transport Modes
| Transport Mode | Description |
|---|---|
| TCP | HiveServer2 uses TCP transport for sending and receiving Thrift RPC messages. |
| HTTP | HiveServer2 uses HTTP transport for sending and receiving Thrift RPC messages. |
While running in TCP transport mode, HiveServer2 supports the following authentication schemes:
Table 2.4. Authentication Schemes with TCP Transport Mode
| Authentication Scheme | Description |
|---|---|
| Kerberos | A network authentication protocol which operates that uses
the concept of 'tickets' to allow nodes in a network to securely
identify themselves. Administrators must specify
hive.server2.authentication=kerberos in the
hive-site.xml configuration file to use
this authentication scheme. |
| LDAP | The Lightweight Directory Access Protocol, an
application-layer protocol that uses the concept of 'directory
services' to share information across a network. Administrators
must specify hive.server2.authentication=ldap in
the hive-site.xml configuration file to use
this type of authentication. |
| PAM | Pluggable Authentication Modules, or PAM, allow
administrators to integrate multiple authentication schemes into
a single API. Administrators must specify
hive.server2.authentication=pam in the
hive-site.xml configuration file to use
this authentication scheme. |
| Custom | Authentication provided by a custom implementation of the
org.apache.hive.service.auth.PasswdAuthenticationProvider
interface. The implementing class must be available in the
classpath for HiveServer2 and its name provided as the value of
the hive.server2.custom.authentication.class
property in the hive-site.xml configuration
property file. |
| None | The Beeline client performs no authentication with
HiveServer2. Administrators must specify
hive.server2.authentication=none in the
hive-site.xml configuration file to use
this authentication scheme. |
| NoSASL | While running in TCP transport mode, HiveServer2 uses the
Java Simple Authentication and Security Layer (SASL) protocol to
establish a security layer between the client and server.
However, HiveServer2 also supports connections in TCP transfer
mode that do not use the SASL protocol Administrators must
specify hive.server2.authentication=nosasl in the
hive-site.xml configuration file to use
this authentication scheme. |
The next section describes the connection strings used to connect to HiveServer2 for all possible combinations of these modes, as well as the connection string required to connect to HiveServer2 in a secure cluster.
