Configuring Spark Thrift Server Encryption

Spark Thrift server encryption is supported when authentication is enabled. To configure encryption with MapR-SASL or Kerberos authentication, complete the following steps:

  1. Set the hive.server2.thrift.sasl.qop property in hive-site.xml to the value, auth-conf. The SASL Quality of Protection (QOP), or sasl.qop, setting and the authentication with confidentiality (auth-conf) value support authentication.
    <property>
                <name>hive.server2.thrift.sasl.qop</name>
                <value>auth-conf</value>
    </property>
  2. Restart Spark Thrift server to apply this change.
    Important: The MapR administrative user (generally, the account named mapr) should start Spark Thrift server. Then, process identifier (PID) files will be owned by this user, and impersonation support (where applicable) will function correctly.
    ./sbin/stop-thriftserver.sh
    ./sbin/start-thriftserver.sh