Configure HiveServer2 to use PAM Authentication

You can configure HiveServer2 to use Pluggable Access Modules (PAM).

The configuration requirements for PAM differ based on the version of Hive that you have installed:
  • As of Hive 0.13-1501, Hive 1.0-1510, and Hive 1.2-1510, MapR-SASL and PAM are enabled by default on a secure cluster; no configuration is required.
  • In Hive 0.13-1508 and Hive 1.0-1508, PAM is the default authentication method for HiveServer2 on a secure cluster; no configuration is required.
  • In Hive 0.13-1504 and Hive 1.0-1504, PAM is not the default authentication method and therefore it requires the following configuration steps.
  1. Configure the following properties in the hive-site.xml on the hiveserver2 node:
    Property Value
    hive.server2.authentication PAM
    hive.server2.authentication.pam.services <A comma-separated list of pam module>
    <property>
       <name>hive.server2.authentication</name>
       <value>PAM</value>
    </property>
    <property>
       <name>hive.server2.authentication.pam.services</name>
       <value>login,sudo</value>
       <description>comma separated list of pam modules to verify</description>
    </property>
  2. Restart HiveServer2 to apply these changes.
    maprcli node services -name hs2 -action restart -nodes <comma separated list of nodes>