Hadoop Security Guide
Also available as:
PDF
loading table of contents...
hive-site.xml

HiveServer2 supports Kerberos authentication for all clients.

Add the following information to the hive-site.xml file on every host in your cluster:

Table 2.16. hive-site.xml Property Settings

Property Name

Description

hive.metastore.sasl.enabled

If true, the Metastore Thrift interface will be secured with SASL and clients must authenticate with Kerberos.

hive.metastore.kerberos.keytab.file

The keytab for the Metastore Thrift service principal.

hive.metastore.kerberos.principal

The service principal for the Metastore Thrift server. If _HOST is used as the hostname portion, it will be replaced with the actual hostname of the running instance.


Following is the XML for these entries:

<property> 
     <name>hive.metastore.sasl.enabled</name> 
     <value>true</value> 
     <description>If true, the metastore thrift interface will be secured with SASL. 
     Clients must authenticate with Kerberos.</description> 
</property> 
 
<property> 
     <name>hive.metastore.kerberos.keytab.file</name> 
     <value>/etc/security/keytabs/hive.service.keytab</value> 
     <description>The path to the Kerberos Keytab file containing the
     metastore thrift server's service principal.
     </description> 
</property> 
 
<property> 
     <name>hive.metastore.kerberos.principal</name> 
     <value>hive/_HOST@EXAMPLE.COM</value> 
     <description>The service principal for the metastore thrift server. The
     special string _HOST will be replaced automatically with the correct 
     hostname.</description> 
</property>