Enable SASL in HiveServer
You can encrypt client-server communications between HiveServer and its clients using SASL (Simple Authentication and Security Layer).
SASL is a framework for authentication and data security and an alternative to a protocol like TLS/SSL. SASL offers three different Quality of Protection (QOP) levels as shown in the following table:
|auth|Default. Authentication only.|
|auth-int|Authentication with integrity protection. Signed message digests (checksums) verify the integrity of messages sent between client and server.|
|auth-conf|Authentication with confidentiality (transport-layer encryption). Use this setting for encrypted communications from clients to HiveServer.|
- In Cloudera Manager, navigate to .
- In HiveServer2 Advanced Configuration Snippet (Safety Valve) for hive-site click + to add a property and value.
Specify the QOP auth-conf setting for the SASL QOP property. For example,
- Click Save Changes.
- Restart the Hive service.
Construct a connection string for encrypting communications using SASL.
jdbc:hive2://fqdn.example.com:10000/default;principal=hive/_HOST@EXAMPLE.COM;sasl.qop=auth-conf
The _HOST is a wildcard placeholder that gets automatically replaced with the fully qualified domain name (FQDN) of the server running the HiveServer daemon process.
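A way to confirm that both sides of the procedure above actually request confidentiality, as an added example that is not part of the original page or Cloudera's tooling. It assumes the server-side property is named hive.server2.thrift.sasl.qop (the name is not shown on this page) and that a missing setting means the default, auth; the hive-site fragment and URLs are constructed samples.

```python
import xml.etree.ElementTree as ET

QOP_LEVELS = ("auth", "auth-int", "auth-conf")
SERVER_PROP = "hive.server2.thrift.sasl.qop"  # assumption: name not shown on the page

def server_qop(hive_site_xml):
    """Return the QOP set in a hive-site fragment, or 'auth' (the default) if unset."""
    root = ET.fromstring(hive_site_xml)
    for prop in root.iter("property"):
        if (prop.findtext("name") or "").strip() == SERVER_PROP:
            return (prop.findtext("value") or "").strip().lower()
    return "auth"

def client_qop(jdbc_url):
    """Return sasl.qop from the session-variable list of a jdbc:hive2 URL."""
    if not jdbc_url.startswith("jdbc:hive2://"):
        raise ValueError("not a HiveServer JDBC URL")
    # Session variables follow the first ';' and end before any '?' or '#' part.
    session = jdbc_url.split("?", 1)[0].split("#", 1)[0]
    params = {}
    for item in session.split(";")[1:]:
        key, sep, value = item.partition("=")
        if sep:
            params[key.strip()] = value.strip()
    # Assumption: a URL without sasl.qop gets the default level, auth.
    return params.get("sasl.qop", "auth").lower()

def audit(hive_site_xml, jdbc_urls):
    """List findings where traffic would not be encrypted with auth-conf."""
    findings = []
    srv = server_qop(hive_site_xml)
    if srv not in QOP_LEVELS:
        findings.append(f"server: unknown QOP {srv!r}")
    elif srv != "auth-conf":
        findings.append(f"server: QOP is {srv}, not auth-conf")
    for url in jdbc_urls:
        cli = client_qop(url)
        if cli != "auth-conf":
            findings.append(f"client: {url} requests {cli}, not auth-conf")
    return findings

# Constructed sample input: one server fragment, one good URL, one URL missing sasl.qop.
HIVE_SITE = """<configuration><property>
  <name>hive.server2.thrift.sasl.qop</name><value>auth-conf</value>
</property></configuration>"""
URLS = ["jdbc:hive2://fqdn.example.com:10000/default;principal=hive/_HOST@EXAMPLE.COM;sasl.qop=auth-conf",
        "jdbc:hive2://fqdn.example.com:10000/default;principal=hive/_HOST@EXAMPLE.COM"]

if __name__ == "__main__":
    print("\n".join(audit(HIVE_SITE, URLS)))
```

Run it against the hive-site snippet exported from Cloudera Manager and the connection strings used by your clients; any finding means that connection is not requesting encrypted transport.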