2.3.3. Configuring Secure Hive

Use the following description to set up secure Hive Metastore and HiveServer2.

Using a text editor, edit the /etc/hive/conf/hive-site.xml file, to add or modify the following information:

<property>    
        <name>hive.metastore.sasl.enabled</name>    
        <value>true</value>    
        <description>If true, the metastore thrift interface will be secured with
        SASL.     
        Clients must authenticate with Kerberos.</description>  
</property>    
<property>    
        <name>hive.metastore.kerberos.keytab.file</name>    
        <value>/etc/security/keytabs/hive.service.keytab</value>    
        <description>The path to the Kerberos Keytab file containing the
        metastore thrift server's service principal.</description>  
</property>   
<property>    
        <name>hive.metastore.kerberos.principal</name>    
        <value>hive/_HOST@EXAMPLE.COM</value>    
        <description>The service principal for the metastore thrift server. The special string _HOST will be replaced automatically with the correct  hostname.</description>  
</property>
< property>
   <name>hive.server2.authentication</name>
    <value>KERBEROS</value>
    <description>Authentication type </description>
</property> 
<property>
   <name>hive.server2.authentication.kerberos.principal</name>
    <value>hive/_HOST@EXAMPLE.COM</value>
    <description>The service principal for the HiveServer2. If _HOST is used as the hostname portion, it will be replaced with the actual hostname of the running instance.</description>
</property>
<property>
    <name>hive.server2.authentication.kerberos.keytab</name>
    <value>/etc/security/keytabs/hive.service.keytab</value>
    <description>The keytab for the HiveServer2 service principal</description>
</property>

loading table of contents...