Hive Authentication

HiveServer supports authentication of clients using Kerberos or user/password validation backed by LDAP.

If you configure HiveServer to use Kerberos authentication, HiveServer acquires a Kerberos ticket during startup. HiveServer requires a principal and keytab file specified in the configuration. Client applications (for example, JDBC or Beeline) must have a valid Kerberos ticket before initiating a connection to HiveServer2. JDBC-based clients must include principal=<hive.server2.authentication.principal> in the JDBC connection string. For example:
String url = "jdbc:hive2://node1:10000/default;principal=hive/HiveServerHost@YOUR-REALM.COM"
Connection con = DriverManager.getConnection(url);
where hive is the principal configured in hive-site.xml and HiveServerHost is the host where HiveServer is running.

To start Beeline and connect to a secure HiveServer, enter a command as shown in the following example:

beeline -u "jdbc:hive2://;principal=hive/_HOST@CLOUDERA.SITE"