Hadoop Security Guide
Also available as:
loading table of contents...

HiveServer2 supports Kerberos authentication for all clients.

Add the following information to the hive-site.xml file on every host in your cluster:

Table 2.16. hive-site.xml Property Settings

Property Name



If true, the Metastore Thrift interface will be secured with SASL and clients must authenticate with Kerberos.


The keytab for the Metastore Thrift service principal.


The service principal for the Metastore Thrift server. If _HOST is used as the hostname portion, it will be replaced with the actual hostname of the running instance.

Following is the XML for these entries:

     <description>If true, the metastore thrift interface will be secured with SASL. 
     Clients must authenticate with Kerberos.</description> 
     <description>The path to the Kerberos Keytab file containing the
     metastore thrift server's service principal.
     <description>The service principal for the metastore thrift server. The
     special string _HOST will be replaced automatically with the correct