Enabling SASL in HiveServer
You can provide a Quality of Protection (QOP) that is higher than the cluster-wide default using SASL (Simple Authentication and Security Layer).
HiveServer2 by default uses hadoop.rpc.protection
for its QOP value.
Setting hadoop.rpc.protection
to a higher level than HiveServer
(HS2) does not usually make sense. HiveServer ignores
hadoop.rpc.protection
in favor of
hive.server2.thrift.sasl.qop
.
You can determine the value of hadoop.rpc.protection
: In Cloudera
Manager, click , and search for hadoop.rpc.protection
.
If you want to provide a higher QOP than the default, set one of the SASL Quality of Protection (QOP) levels as shown in the following table:
auth |
Default. Authentication only. |
auth-int |
Authentication with integrity protection. Signed message digests (checksums) verify the integrity of messages sent between client and server. |
auth-conf |
Authentication with confidentiality (transport-layer encryption) and integrity. Applicable only if HiveServer is configured to use Kerberos authentication. |