You can secure the remote client connection to Hive by configuring HiveServer to use
authentication with LDAP.
When you configure HiveServer to use user and password validation backed by LDAP, the
Hive client sends a username and password during connection initiation. HiveServer
validates these credentials using an external LDAP service. You can enable LDAP
Authentication with HiveServer using Active Directory or OpenLDAP.
In Cloudera Manager, select Hive-on-Tez > Configuration .
Search for ldap.
Check Enable LDAP Authentication for HiveServer2 for Hive (Service Wide).
Enter your LDAP URL in the format
ldap[s]://<host>:<port>.
LDAP_URL is the access URL for your LDAP server. For example,
ldap://ldap_host_name.xyz.com:389
Enter the Active Directory Domain or LDAP Base DN for your environment.
Active Directory (AD)
LDAP_BaseDN
Enter the domain name of the AD server. For example,
corp.domain.com.
Enter the base LDAP distinguished name (DN) for your LDAP server. For example,
ou=dev, dc=xyz.
Click Save Changes.
Restart the Hive service.
Construct the LDAP connection string to connect to HiveServer.
The following simple example is insecure because it sends clear text
passwords.
String URL = "jdbc:hive2://node1:10000/default;user=LDAP_Userid;password=LDAP_Password"
Connection con = DriverManager.getConnection(url);
The
following example shows a secure connection string that uses encrypted
passwords.
String url ="jdbc:hive2://node1:10000/default;ssl=true;sslTrustStore=/mytruststore_path;trustStorePassword=my_truststore_password"
Connection con = DriverManager.getConnection(url);
For information about
encrypting communication, see links below.