Hive authentication
HiveServer supports authentication of clients using Kerberos or user/password validation backed by LDAP.
If you configure HiveServer to use Kerberos authentication, HiveServer acquires a Kerberos
ticket during startup. HiveServer requires a principal and keytab file specified in the
configuration. Client applications (for example, JDBC or Beeline) must have a valid
Kerberos ticket before initiating a connection to HiveServer2. JDBC-based clients must
include
principal=<hive.server2.authentication.principal>
in the JDBC
connection string. For example:
String url = "jdbc:hive2://node1:10000/default;principal=hive/HiveServerHost@YOUR-REALM.COM"
Connection con = DriverManager.getConnection(url);
where hive
is the principal configured in hive-site.xml
and HiveServerHost is the host where HiveServer is running.To start Beeline and connect to a secure HiveServer, enter a command as shown in the following example:
beeline -u "jdbc:hive2://10.65.13.98:10000/default;principal=hive/_HOST@CLOUDERA.SITE"