hive-site.xml
Hive Metastore supports Kerberos authentication for Thrift clients only. HiveServer does not support Kerberos authentication for any clients.
To the hive-site.xml file on every host in your cluster,
add the following information:
Table 26.10. hive-site.xml Property Settings
|
Property Name |
Property Value |
Description |
|---|---|---|
|
hive.metastore.sasl.enabled |
true |
If true, the Metastore Thrift interface will be secured with SASL and clients must authenticate with Kerberos. |
|
hive.metastore.kerberos.keytab.file |
/etc/security/keytabs/hive.service.keytab |
The keytab for the Metastore Thrift service principal. |
|
hive.metastore.kerberos.principal |
hive/_HOST@EXAMPLE.COM |
The service principal for the Metastore Thrift server. If _HOST is used as the hostname portion, it will be replaced with the actual hostname of the running instance. |
|
hive.metastore.cache.pinobjtypes |
Table,Database,Type, FieldSchema,Order |
Comma-separated Metastore object types that should be pinned in the cache. |
Following is the XML for these entries:
<property>
<name>hive.metastore.sasl.enabled</name>
<value>true</value>
<description>If true, the metastore thrift interface will be secured with SASL.
Clients must authenticate with Kerberos.</description>
</property>
<property>
<name>hive.metastore.kerberos.keytab.file</name>
<value>/etc/security/keytabs/hive.service.keytab</value>
<description>The path to the Kerberos Keytab file containing the
metastore thrift server's service principal.
</description>
</property>
<property>
<name>hive.metastore.kerberos.principal</name>
<value>hive/_HOST@EXAMPLE.COM</value>
<description>The service principal for the metastore thrift server. The
special string _HOST will be replaced automatically with the correct
hostname.</description>
</property>
<property>
<name>hive.metastore.cache.pinobjtypes</name>
<value>Table,Database,Type,FieldSchema,Order</value>
<description>List of comma separated metastore object types that should be pinned in
the cache
</description>
</property>