Pluggable authentication modules in HiveServer
While running in TCP transport mode, HiveServer supports Pluggable Authentication Modules (PAM). Using Pluggable Authentication Modules, you can integrate multiple authentication schemes into a single API.
You use the Cloudera Manager Safety Valve technique on
to set the following properties:hive.server2.authentication
Value = CUSTOM
hive.server2.custom.authentication.class
Value = <the pluggable auth class name>
The class you provide must be a proper implementation of the
org.apache.hive.service.auth.PasswdAuthenticationProvider
. HiveServer calls
its Authenticate(user, passed)
method to authenticate requests. The
implementation can optionally extend the Hadoop's
org.apache.hadoop.conf.Configured
class to grab the Hive
Configuration object.