Security
hive-site.xml

Hive Metastore supports Kerberos authentication for Thrift clients only. HiveServer does not support Kerberos authentication for any clients.

Add the following properties to the hive-site.xml file on every host in your cluster:

Table 2.17. hive-site.xml Property Settings

| Property Name | Property Value | Description |
|---|---|---|
| hive.metastore.sasl.enabled | true | If true, the Metastore Thrift interface will be secured with SASL and clients must authenticate with Kerberos. |
| hive.metastore.kerberos.keytab.file | /etc/security/keytabs/hive.service.keytab | The keytab for the Metastore Thrift service principal. |
| hive.metastore.kerberos.principal | hive/_HOST@EXAMPLE.COM | The service principal for the Metastore Thrift server. If _HOST is used as the hostname portion, it will be replaced with the actual hostname of the running instance. |
| hive.metastore.cache.pinobjtypes | Table,Database,Type,FieldSchema,Order | Comma-separated Metastore object types that should be pinned in the cache. |


Following is the XML for these entries:

<property> 
     <name>hive.metastore.sasl.enabled</name> 
     <value>true</value> 
     <description>If true, the metastore thrift interface will be secured with SASL. 
     Clients must authenticate with Kerberos.</description> 
</property> 
 
<property> 
     <name>hive.metastore.kerberos.keytab.file</name> 
     <value>/etc/security/keytabs/hive.service.keytab</value> 
     <description>The path to the Kerberos Keytab file containing the
     metastore thrift server's service principal.
     </description> 
</property> 
 
<property> 
     <name>hive.metastore.kerberos.principal</name> 
     <value>hive/_HOST@EXAMPLE.COM</value> 
     <description>The service principal for the metastore thrift server. The
     special string _HOST will be replaced automatically with the correct 
     hostname.</description> 
</property> 
 
<property> 
     <name>hive.metastore.cache.pinobjtypes</name> 
     <value>Table,Database,Type,FieldSchema,Order</value> 
     <description>List of comma separated metastore object types that should be pinned in
     the cache
     </description> 
</property>
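
Because these properties must be present on every host, a per-host check of hive-site.xml catches a node where SASL was left off or the principal is malformed. The following is an added example, not part of the original documentation: the function names, the `<configuration>` root wrapper in the constructed sample, and the owner-only keytab permission check are assumptions made here.

```python
import os
import re
import stat
import xml.etree.ElementTree as ET

REQUIRED = (
    "hive.metastore.sasl.enabled",
    "hive.metastore.kerberos.keytab.file",
    "hive.metastore.kerberos.principal",
    "hive.metastore.cache.pinobjtypes",
)
PRINCIPAL_RE = re.compile(r"^[^/@\s]+/[^/@\s]+@[^/@\s]+$")  # service/host@REALM

def load_properties(xml_text):
    """Return {name: value} for every <property> in a hive-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(xml_text, check_keytab_file=False):
    """Return a list of findings; an empty list means all checks passed."""
    props = load_properties(xml_text)
    findings = [f"{name}: not set" for name in REQUIRED if not props.get(name)]
    sasl = props.get("hive.metastore.sasl.enabled")
    if sasl and sasl.lower() != "true":
        findings.append("hive.metastore.sasl.enabled: must be true for Kerberos")
    principal = props.get("hive.metastore.kerberos.principal")
    if principal and not PRINCIPAL_RE.match(principal):
        findings.append(f"hive.metastore.kerberos.principal: {principal!r} is not service/host@REALM")
    keytab = props.get("hive.metastore.kerberos.keytab.file")
    if check_keytab_file and keytab:  # only meaningful when run on the host itself
        if not os.path.isfile(keytab):
            findings.append(f"{keytab}: keytab not found")
        elif stat.S_IMODE(os.stat(keytab).st_mode) & 0o077:
            # Assumption added here: a keytab should be accessible by its owner only.
            findings.append(f"{keytab}: accessible by group or others")
    return findings

# Constructed sample: SASL disabled, realm missing from the principal, no pinobjtypes.
SAMPLE = """<configuration>
  <property><name>hive.metastore.sasl.enabled</name><value>false</value></property>
  <property><name>hive.metastore.kerberos.keytab.file</name>
    <value>/etc/security/keytabs/hive.service.keytab</value></property>
  <property><name>hive.metastore.kerberos.principal</name><value>hive/_HOST</value></property>
</configuration>"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Pass `check_keytab_file=True` when running on a Metastore host so the keytab path from the file is also checked on disk.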