Pluggable authentication modules in HiveServer
While running in TCP transport mode, HiveServer supports Pluggable Authentication Modules (PAM). Using Pluggable Authentication Modules, you can integrate multiple authentication schemes into a single API.
You use the Cloudera Manager Safety Valve technique on to set the following properties:
hive.server2.authenticationValue = CUSTOM
hive.server2.custom.authentication.classValue = <the pluggable auth class name>
The class you provide must be a proper implementation of the
org.apache.hive.service.auth.PasswdAuthenticationProvider. HiveServer calls
its Authenticate(user, passed) method to authenticate requests. The
implementation can optionally extend the Hadoop's
org.apache.hadoop.conf.Configured class to grab the Hive
Configuration object.
