Securing Apache Hive

Enable SASL in HiveServer

You can encrypt client-server communications between HiveServer and its clients using SASL (Simple Authentication and Security Layer).

SASL is a framework for authentication and data security and an alternative to a protocol like TLS/SSL. SASL offers three different Quality of Protection (QOP) levels as shown in the following table:

| QOP level | Description |
|-----------|-------------|
| auth | Default. Authentication only. |
| auth-int | Authentication with integrity protection. Signed message digests (checksums) verify the integrity of messages sent between client and server. |
| auth-conf | Authentication with confidentiality (transport-layer encryption). Use this setting for encrypted communications from clients to HiveServer. |

  1. In Cloudera Manager, navigate to Clusters > HIVE_ON_TEZ-1 > Configuration.
  2. In HiveServer2 Advanced Configuration Snippet (Safety Valve) for hive-site, click + to add a property and value.
  3. Specify the QOP auth-conf setting for the SASL QOP property.
    For example:

    Name: hive.server2.thrift.sasl.qop

    Value: auth-conf

  4. Click Save Changes.
  5. Restart the Hive service.
  6. Construct a connection string for encrypting communications using SASL.
    jdbc:hive2://fqdn.example.com:10000/default;principal=hive/_HOST@EXAMPLE.COM;sasl.qop=auth-conf
    The _HOST is a wildcard placeholder that gets automatically replaced with the fully qualified domain name (FQDN) of the server running the HiveServer daemon process.
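
A way to check the result of the steps above, as an added example that is not Cloudera's code: it reads the QOP property from a hive-site.xml and the sasl.qop value from a connection string, and reports any side that does not ask for auth-conf. The function names, the sample hive-site.xml, and the policy of requiring an explicit sasl.qop on the client are assumptions of this example.

```python
import xml.etree.ElementTree as ET

QOP_PROPERTY = "hive.server2.thrift.sasl.qop"
QOP_LEVELS = ("auth", "auth-int", "auth-conf")  # the three levels from the table

# Constructed sample inputs: a minimal hive-site.xml and the page's connection string.
HIVE_SITE = """<configuration>
  <property>
    <name>hive.server2.thrift.sasl.qop</name>
    <value>auth-conf</value>
  </property>
</configuration>"""
JDBC_URL = ("jdbc:hive2://fqdn.example.com:10000/default;"
            "principal=hive/_HOST@EXAMPLE.COM;sasl.qop=auth-conf")

def server_qop(hive_site_xml):
    """Return the configured QOP; an unset property means the default, auth."""
    for prop in ET.fromstring(hive_site_xml).iter("property"):
        if (prop.findtext("name") or "").strip() == QOP_PROPERTY:
            return (prop.findtext("value") or "").strip()
    return "auth"

def client_qop(jdbc_url):
    """Return sasl.qop from the ;key=value list after the database, or None."""
    # Assumption: anything after '?' or '#' is not part of that list.
    session = jdbc_url.split("?", 1)[0].split("#", 1)[0]
    params = {}
    for part in session.split(";")[1:]:
        key, sep, value = part.partition("=")
        if sep:
            params[key.strip()] = value.strip()
    return params.get("sasl.qop")

def audit(hive_site_xml, jdbc_url):
    """List every side that does not explicitly ask for auth-conf."""
    findings = []
    sides = (("server", server_qop(hive_site_xml)), ("client", client_qop(jdbc_url)))
    for side, qop in sides:
        if qop is None:
            findings.append(f"{side}: sasl.qop is not set in the connection string")
        elif qop not in QOP_LEVELS:
            findings.append(f"{side}: unknown QOP value {qop!r}")
        elif qop != "auth-conf":
            findings.append(f"{side}: QOP is {qop!r}, so traffic is not encrypted")
    return findings

if __name__ == "__main__":
    for line in audit(HIVE_SITE, JDBC_URL) or ["OK: auth-conf on both sides"]:
        print(line)
```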
