Configure HiveServer2 to Use Kerberos Authentication
About this task
Enabling HiveServer to use Kerberos authentication requires following steps on each node where HiveServer 2 is installed:
Procedure
-
Configure the following properties in hive-site.xml on
each node where hiveserver2 is installed:
Property Value hive.server2.authentication
KERBEROS hive.server2.authentication.kerberos.principal
<HiveServer2 Principle. For example, mapr/FQDN@REALM> hive.server2.authentication.kerberos.keytab
<The keytab file for the HiverServer2 principle. For example, /opt/mapr/conf/hive.keytab> <property> <name>hive.server2.authentication</name> <value>KERBEROS</value> <description>authenticationtype</description> </property> <property> <name>hive.server2.authentication.kerberos.principal</name> <value>mapr/FQDN@REALM</value> <description>HiveServer2 principal. If _HOST is used as the FQDN portion, it will be replaced with the actual hostname of the running instance.</description> </property> <property> <name>hive.server2.authentication.kerberos.keytab</name> <value>/opt/mapr/conf/hive.keytab</value> <description>Keytab file for HiveServer2 principal</description> </property>
-
Reconfigure following options in
env.sh
(/opt/mapr/conf/env.sh
) on each node where hiveserver2 is installed:Existing Configuration Required Configuration MAPR_HIVE_SERVER_LOGIN_OPTS="-Dhadoop.login=maprsasl_keytab"
MAPR_HIVE_LOGIN_OPTS="-Dhadoop.login=maprsasl"
MAPR_HIVE_SERVER_LOGIN_OPTS="-Dhadoop.login=hybrid"
MAPR_HIVE_LOGIN_OPTS="-Dhadoop.login=hybrid"
NOTE: These configuration are listed in the portion of the file that begins withif ["$MAPR_SECURITY_STATUS" = "true" ];
-
Restart HiveServer2 to apply these changes.
maprcli node services -name hs2 -action restart -nodes <comma separated list of nodes>