Configuring Kerberos with Hive and Impala Data Sources
This section contains instructions for how to configure your Hive data connection, including Impala, for use with Kerberos:
Follow these steps to configure Hive/Impala datasources with Kerberos:
| 1. | If you are using Hive 0.13, make sure that you have the Apache HIVE-6486 patch installed for the JDBC driver. |
| 2. | Open Studio. |
| 3. | Open or add a new Hive or Impala data source. |
| 4. | Select the Basic tab. |
| 5. | Select Kerberos for the Authentication field. |
| 6. | Select the Advanced tab. |
| 7. | In the Connection URL Pattern field add a semicolon to the end of the URL. |
| 8. | In the Connection URL Pattern filed add the following elements to the end of the connection URL. |
jdbc:hive2://<HOST>:<PORT>/<DATABASE_NAME>;<Principal>;<auth>;<kerberosAuthType>;[hive.server2.proxy.user=<DELEGATED_USER>]:
|
Property |
Description of Necessary Value |
|
<Principal> |
The Kerberos SPN for the Hive instance. For example, principal=hive/DBName-016.kt.support.net@KT.SUPPORT.NET. |
|
<auth> |
Specifies that the authentication method is Kerberos. For example, auth=kerberos. |
|
<kerberosAuthType> |
Specifies to use the private credentials inserted into the Subject by Kbr5. For example, kerberosAuthType=fromSubject |
|
[hive.server2.proxy.user=<DELEGATED_USER>] |
An optional token that if used will be replaced by the cis user at run time. The proxy.user is used to access the Hive Server2 proxy functionality. |
For example, if the value in the Connection URL Pattern field is:
jdbc:hive2://<HOST>:<PORT>/<DATABASE_NAME>
Modify it to become:
jdbc:hive2://<HOST>:<PORT>/<DATABASE_NAME>;<Principal>;<auth>;<kerberosAuthType>
For example:
"jdbc:hive2://HiveHost:10000/default;principal=hive/localhost.localdomain@EXAMPLE.COM;auth=kerberos;kerberosAuthType=fromSubject"
| 9. | Save the data source. |