hive-site.xml
HiveServer2 supports Kerberos authentication for all clients.
Add the following information to the hive-site.xml file on every host in your cluster:
Table 2.17. hive-site.xml Property Settings
| Property Name | Property Value | Description | 
|---|---|---|
| hive.metastore.sasl.enabled | true | If true, the Metastore Thrift interface will be secured with SASL and clients must authenticate with Kerberos. | 
| hive.metastore.kerberos.keytab.file | /etc/security/keytabs/hive.service.keytab | The keytab for the Metastore Thrift service principal. | 
| hive.metastore.kerberos.principal | hive/_HOST@EXAMPLE.COM | The service principal for the Metastore Thrift server. If _HOST is used as the hostname portion, it will be replaced with the actual hostname of the running instance. | 
Following is the XML for these entries:
<property>
     <name>hive.metastore.sasl.enabled</name>
     <value>true</value>
     <description>If true, the metastore thrift interface will be secured with SASL.
     Clients must authenticate with Kerberos.</description>
</property>
<property>
     <name>hive.metastore.kerberos.keytab.file</name>
     <value>/etc/security/keytabs/hive.service.keytab</value>
     <description>The path to the Kerberos Keytab file containing the
     metastore thrift server's service principal.
     </description>
</property>
<property>
     <name>hive.metastore.kerberos.principal</name>
     <value>hive/_HOST@EXAMPLE.COM</value>
     <description>The service principal for the metastore thrift server. The
     special string _HOST will be replaced automatically with the correct
     hostname.</description>
</property>
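Because these entries must match on every host, a per-host check helps catch drift. The following Python script is an added example, not part of the original documentation: it audits a hive-site.xml for the three settings in Table 2.17. It assumes the entries sit inside the file's `<configuration>` root element; the function names and the optional owner-only keytab permission check are assumptions of this example.

```python
import os
import re
import stat
import xml.etree.ElementTree as ET

# Shape check only: service/host@REALM (the host part may be the literal _HOST).
PRINCIPAL_RE = re.compile(r"^[^/@\s]+/[^/@\s]+@[^/@\s]+$")

def load_properties(xml_text):
    """Return {name: value} for every <property> in a hive-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit_metastore_kerberos(xml_text, check_keytab_file=False):
    """Return a list of findings; an empty list means all three settings are in place."""
    props = load_properties(xml_text)
    findings = []
    if props.get("hive.metastore.sasl.enabled", "").lower() != "true":
        findings.append("hive.metastore.sasl.enabled is not true: Thrift interface not secured with SASL")
    keytab = props.get("hive.metastore.kerberos.keytab.file", "")
    if not keytab:
        findings.append("hive.metastore.kerberos.keytab.file is not set")
    elif check_keytab_file:
        # Assumption of this example: a keytab should be accessible to its owner only.
        if not os.path.isfile(keytab):
            findings.append(f"keytab {keytab} does not exist on this host")
        elif stat.S_IMODE(os.stat(keytab).st_mode) & 0o077:
            findings.append(f"keytab {keytab} is accessible by group or others")
    principal = props.get("hive.metastore.kerberos.principal", "")
    if not PRINCIPAL_RE.match(principal):
        findings.append("hive.metastore.kerberos.principal is missing or not of the form service/host@REALM")
    return findings

# Constructed sample: the three entries from this page inside a <configuration> root.
SAMPLE = """<configuration>
<property><name>hive.metastore.sasl.enabled</name><value>true</value></property>
<property><name>hive.metastore.kerberos.keytab.file</name><value>/etc/security/keytabs/hive.service.keytab</value></property>
<property><name>hive.metastore.kerberos.principal</name><value>hive/_HOST@EXAMPLE.COM</value></property>
</configuration>"""

if __name__ == "__main__":
    for line in audit_metastore_kerberos(SAMPLE) or ["OK"]:
        print(line)
```

Run it with `check_keytab_file=True` on a cluster host to also confirm that the keytab exists there and is not accessible by group or others.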
