Hive Authentication
HiveServer supports authentication of clients using Kerberos or user/password validation backed by LDAP.
If you configure HiveServer to use Kerberos authentication, HiveServer acquires a Kerberos
ticket during startup. HiveServer requires a principal and keytab file specified in the
configuration. Client applications (for example, JDBC or Beeline) must have a valid
Kerberos ticket before initiating a connection to HiveServer2. JDBC-based clients must
include
principal=<hive.server2.authentication.principal>
in the JDBC
connection string. For example:
String url = "jdbc:hive2://node1:10000/default;principal=hive/HiveServerHost@YOUR-REALM.COM"
Connection con = DriverManager.getConnection(url);
where hive
is the principal configured in hive-site.xml
and HiveServerHost is the host where HiveServer is running.To start Beeline and connect to a secure HiveServer, enter a command as shown in the following example:
beeline -u "jdbc:hive2://10.65.13.98:10000/default;principal=hive/_HOST@CLOUDERA.SITE"
In CDP Private Cloud Base, under certain circumstances, you can query remote clusters that use a different version of Hive than the version installed on your cluster. You can query the data on the remote cluster and include WRITE operations from the local cluster.
Examples of Supported Queries
CREATE TABLE orders_ctas AS SELECT * FROM orders_ext;
INSERT INTO orders_ctas SELECT * FROM orders_ext;
INSERT OVERWRITE TABLE orders_ctas SELECT * FROM orders_ext;