Configuring custom Kerberos principal for Hive and Hive-on-Tez

Use the steps given here to configure a custom Kerberos principal for Hive and Hive-on-Tez.

  1. Create a new Hive custom Kerberos principal, for example, hivefoo, by using the kadmin command.
    
    kadmin
      addprinc -pw example hivefoo
      xst -k /tmp/hivefoo.keytab
  2. Create a linux user on all hosts of this cluster.
    
    useradd hivefoo
    usermod -a -G hive hivefoo
    
  3. In Cloudera Manager, go to Clusters > HIVE and click Actions > Stop to stop the Hive services.
  4. In Cloudera Manager, go to Clusters > HIVE > Configuration and search for “Kerberos”.
  5. Enter the custom Kerberos principal, hivefoo, in the Kerberos Principal field.
  6. The /hiveserver2 node is created when the HiveServer2 is launched for the first time. All instance nodes are created under /hiveserver2. When the kerberos principal name is changed, the parent node must be deleted so that a new parent node can be automatically recreated with the new ACL.
    
    kinit zookeeper
    
    zookeeper-client
      delete /hiveserver2
  7. Use the following commands to set up the HDFS user home directory:
    
    kinit hdfs
    hadoop fs -mkdir /user/hivefoo
    hadoop fs -chown hivefoo:hive /user/hivefoo
    
  8. In Cloudera Manager, go to Clusters > YARN > Configuration and search for Allowed System Users. Use the Add (+) icon to add hivefoo to the list of Allowed System Users.
  9. In Cloudera Manager, go to Clusters > HIVE and click Actions > Start to start Hive services.