Use the following description to set up secure Hive Metastore and HiveServer2.
Using a text editor, edit the
/etc/hive/conf/hive-site.xml file, to add or modify the
following information:
<property>
<name>hive.metastore.sasl.enabled</name>
<value>true</value>
<description>If true, the metastore thrift interface will be secured with
SASL.
Clients must authenticate with Kerberos.</description>
</property> <property>
<name>hive.metastore.kerberos.keytab.file</name>
<value>/etc/security/keytabs/hive.service.keytab</value>
<description>The path to the Kerberos Keytab file containing the
metastore thrift server's service principal.</description>
</property> <property>
<name>hive.metastore.kerberos.principal</name>
<value>hive/_HOST@EXAMPLE.COM</value>
<description>The service principal for the metastore thrift server. The special string _HOST will be replaced automatically with the correct hostname.</description>
</property>< property>
<name>hive.server2.authentication</name>
<value>KERBEROS</value>
<description>Authentication type </description>
</property> <property>
<name>hive.server2.authentication.kerberos.principal</name>
<value>hive/_HOST@EXAMPLE.COM</value>
<description>The service principal for the HiveServer2. If _HOST is used as the hostname portion, it will be replaced with the actual hostname of the running instance.</description>
</property><property>
<name>hive.server2.authentication.kerberos.keytab</name>
<value>/etc/security/keytabs/hive.service.keytab</value>
<description>The keytab for the HiveServer2 service principal</description>
</property>
