Configure Hive Metastore to Use Kerberos Authentication

  1. Configure the following properties in hive-site.xml (/opt/mapr/hive/hive-<version>/conf/hive-site.xml):
    Property Value
    hive.metastore.kerberos.keytab.file (The Keytab file that contains the HiveMetastore principle.)
    hive.metastore.kerberos.principal (The HiveMetastore principal. For example, mapr/<FQDN@REALM>).
    <property>
      <name>hive.metastore.kerberos.keytab.file</name>
      <value>/opt/mapr/conf/metastore.keytab</value>
      <description>The path to the Kerberos Keytab file containing the metastore thrift server's service principal.</description>          
    </property>
    <property>
      <name>hive.metastore.kerberos.principal</name>
      <value>mapr/<FQDN@REALM></value>
      <description>The service principal for the metastore thrift server. The special string _HOST will be replaced automatically with the correct hostname.</description>
    </property>
  2. Configure the following properties in /opt/mapr/conf/env.sh on each node where the Hive Metastore is installed:
    • Set MAPR_HIVE_LOGIN _OPTS to "-Dhadoop.login=hybrid"
    • Set MAPR_HIVE_SERVER_LOGIN_OPTS to "-Dhadoop.login=hybrid"