Hive Authentication

The authentication method that you configure for the Hive Metastore, HiveServer2, and WebHcat determines how these Hive components access and connect to each other.

Clients of these components may require additional configuration and specific connection strings based on the selected authentication method.

To enable and use authentication for Hive, complete the following steps:

  1. Determine which authentication methods are supported for each component and its clients.
  2. Configure authentication for Hive components and their clients. See the following topics:
  3. Determine how clients connect to each component. See Connecting to Hive.

Hive Metastore Authentication Support

The following table describes the different supported authentication methods for Hive Metastore and how it impacts the authentication options for its clients:

MapR Cluster Hive Metastore (Remote) Authentication HiveServer 2 Authentication Options WebHCat Authentication Options
Secure

No authentication

  • No authentication
  • Kerberos
  • LDAP Authentication
  • PAM
  • Custom
  • MapR-SASL

PAM

Secure

Kerberos

Kerberos

Kerberos with SPNEGO

Secure

MapR-SASL(default)*

MapR-SASL (default)*

PAM

Not Secure

No authentication

No authentication

Simple authentication with <user.name> only

*As of Hive 0.13-1504 and Hive 1.0-1504, Hive Metastore supports MapR-SASL and MapR-SASL is enabled by default when the MapR cluster is secure.

HiveServer2 Authentication Support

The following table describes the different supported authentication option for HiveServer2 based on the authentication method configured for Hive Metastore:

MapR Cluster Hive Metastore (Remote) Authentication HiveServer 2 Authentication Options
Secure

No authentication

No authentication

Secure

No authentication

Kerberos
Secure

No authentication

LDAP
Secure

No authentication

PAM(default)*
Secure

No authentication

Custom
Secure

No authentication

MapR-SASL*
Secure

Kerberos

Kerberos

Secure

MapR-SASL(default)*

MapR-SASL*

Not Secure

No authentication

No authentication

*As of Hive 0.13-1510, Hive 1.0-1510, and Hive 1.2.1-1510, PAM and MapR-SASL are enabled by default when the cluster is secure. In Hive 0.13-1508 and Hive 1.0-1508, PAM is enabled by default when the cluster is secure. In Hive 0.13-1504 and Hive 1.0-1504, MapR-SASL is supported and enabled by default when the MapR cluster is secure.

Clients of HiveServer2 authenticate with the same authentication method that is configured for HiveServer2. Clients of HiveServer 2 include ODBC, JDBC, and Beeline.

Note: Connections to HiveServer2 using ODBC do not support MapR-SASL.

WebHCat Authentication Support

The following table describes the different authentication options for WebHCat based on the authentication method configured for Hive Metastore :

MapR Cluster Hive Metastore (Remote) Authentication WebHCat Authentication
Secure

Kerberos

Kerberos with SPNEGO

Secure Kerberos PAM
Secure

MapR-SASL(default)*

PAM
Not Secure

No authentication

Simple authentication with user.name only
*As of Hive 0.13-1504 and Hive 1.0-1504, Hive Metastore supports MapR-SASL and MapR-SASL is enabled by default when the MapR cluster is secure.

Clients of WebHCat authenticate with the same authentication method that is configured for WebHCat. Web browsers are clients of WebHCat.