Securing Apache HivePDF version

Pluggable authentication modules in HiveServer

While running in TCP transport mode, HiveServer supports Pluggable Authentication Modules (PAM). Using Pluggable Authentication Modules, you can integrate multiple authentication schemes into a single API.

You use the Cloudera Manager Safety Valve technique on HIVE_ON_TEZ-1 > Configuration to set the following properties:

  • hive.server2.authentication

    Value = CUSTOM

  • hive.server2.custom.authentication.class

    Value = <the pluggable auth class name>

The class you provide must be a proper implementation of the org.apache.hive.service.auth.PasswdAuthenticationProvider. HiveServer calls its Authenticate(user, passed) method to authenticate requests. The implementation can optionally extend the Hadoop's org.apache.hadoop.conf.Configured class to grab the Hive Configuration object.