Here is a summary of the status of Hive security in CDH 5:
- Sentry enables role-based, fine-grained authorization for HiveServer2. See Sentry Policy File Authorization.
- HiveServer2 supports authentication of the Thrift client using Kerberos or user/password validation backed by LDAP. For configuration instructions, see HiveServer2 Security Configuration.
- Earlier versions of HiveServer do not support Kerberos authentication for clients. However, the Hive MetaStoreServer does support Kerberos authentication for Thrift clients. For configuration instructions, see Hive MetaStoreServer Security Configuration.