Cloudera Enterprise 5.15.x | Other versions
Hive Authentication
Hive authentication involves configuring Hive metastore, HiveServer2, and all Hive clients to use your deployment of LDAP/Active Directory Kerberos on your cluster.
Here is a summary of the status of Hive authentication in CDH 5:
- HiveServer2 supports authentication of the Thrift client using Kerberos or user/password validation backed by LDAP. For configuration instructions, see HiveServer2 Security Configuration.
- Earlier versions of HiveServer do not support Kerberos authentication for clients. However, the Hive MetaStoreServer does support Kerberos authentication for Thrift clients. For
configuration instructions, see Hive MetaStoreServer Security Configuration.
See also: Using Hive to Run Queries on a Secure HBase Server
For authorization, Hive uses Apache Sentry to enable role-based, fine-grained authorization for HiveServer2. See Apache Sentry
Overview.
Important: Cloudera does not support Apache Ranger or
Hive's native authorization frameworks for configuring access control in Hive. Use Cloudera-supported Apache Sentry instead.
Important: Cloudera does not support Apache Ranger or
Hive's native authorization frameworks for configuring access control in Hive. Use Cloudera-supported Apache Sentry instead.Page generated May 18, 2018.
| << HCatalog Authentication | ©2016 Cloudera, Inc. All rights reserved | HiveServer2 Security Configuration >> |
| Terms and Conditions Privacy Policy |