2.3.5. hive-site.xml

Hive Metastore supports Kerberos authentication for Thrift clients only. HiveServer does not support Kerberos authentication for any clients:

 

Table 13.7. hive-site.xml

Property NameProperty ValueDescription
hive.metastore.sasl.enabled true If true, the Metastore Thrift interface will be secured with SASL and clients must authenticate with Kerberos
hive.metastore.kerberos.keytab.file /etc/security/keytabs/hive.service.keytab The keytab for the Metastore Thrift service principal
hive.metastore.kerberos.principal hive/_HOST@EXAMPLE.COM The service principal for the Metastore Thrift server. If _HOST is used as the hostname portion, it will be replaced with the actual hostname of the running instance.
hive.server2.authenticationKERBEROS Authentication type
hive.server2.authentication.kerberos.principalhive/_HOST@EXAMPLE.COM The service principal for the HiveServer2. If _HOST is used as the hostname portion, it will be replaced with the actual hostname of the running instance.
hive.server2.authentication.kerberos. keytab /etc/security/keytabs/hive.service.keytab The keytab for the HiveServer2 service principal

The XML for these entries:

<property>    
        <name>hive.metastore.sasl.enabled</name>    
        <value>true</value>    
        <description>If true, the metastore thrift interface will be secured with
        SASL.     
        Clients must authenticate with Kerberos.</description>  
</property>    

<property>    
        <name>hive.metastore.kerberos.keytab.file</name>    
        <value>/etc/security/keytabs/hive.service.keytab</value>    
        <description>The path to the Kerberos Keytab file containing the
        metastore thrift server's service principal.</description>  
</property>    

<property>    
        <name>hive.metastore.kerberos.principal</name>    
        <value>hive/_HOST@EXAMPLE.COM</value>    
        <description>The service principal for the metastore thrift server. The
        special string _HOST will be replaced automatically with the correct 
        hostname.</description>  
</property>    
                
< property>
   <name>hive.server2.authentication</name>
    <value>KERBEROS</value>
    <description>Authentication type </description>
</property> 
  
<property>
   <name>hive.server2.authentication.kerberos.principal</name>
    <value>hive/_HOST@EXAMPLE.COM</value>
    <description>The service principal for the HiveServer2. If _HOST is
           used as the hostname portion, it will be replaced with the actual
           hostname of the running instance.</description>
</property> 

<property>
    <name>hive.server2.authentication.kerberos.keytab</name>
    <value>/etc/security/keytabs/hive.service.keytab</value>
    <description>The keytab for the HiveServer2 service principal</description>
</property>

loading table of contents...