This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Table of Contents

HiveServer2 (HS2) is a server interface that enables remote clients to execute queries against Hive and retrieve the results. The current implementation, based on Thrift RPC, is an improved version of HiveServer and supports multi-client concurrency and authentication. It is designed to provide better support for open API clients like JDBC and ODBC.



Introduced in Hive version 0.11. See HIVE-2935.

How to Configure

Configuration Properties in the hive-site.xml File



HIVE_SERVER2_THRIFT_BIND_HOST – Optional TCP host interface to bind to. Overrides the configuration file setting.
HIVE_SERVER2_THRIFT_PORT – Optional TCP port number to listen on, default 10000. Overrides the configuration file setting.

How to Start

Code Block


Code Block
$HIVE_HOME/bin/hive --service hiveserver2

Authentication/Security Configuration

HiveServer2 supports Anonymous (no authentication), Kerberos, pass through LDAP and pluggable custom authentication.



hive.server2.authentication – Authentication mode, default NONE. Options are NONE, KERBEROS, LDAP and CUSTOM.
hive.server2.authentication.kerberos.principal – Kerberos principal for server.
hive.server2.authentication.kerberos.keytab – Keytab for server principal.
hive.server2.authentication.ldap.url – LDAP url.
hive.server2.authentication.ldap.baseDN – LDAP base DN.
hive.server2.custom.authentication.class – Custom authentication class that implements org.apache.hive.service.auth.PasswdAuthenticationProvider interface.


By default HiveServer2 performs the query processing as the user who submitted the query. But if the following parameter is set to false, the query will run as the user that the hiveserver2 process runs as.



fs.hdfs.impl.disable.cache – Disable HDFS filesystem cache, default false.
fs.file.impl.disable.cache – Disable local filesystem cache, default false.

Integrity/Confidentiality Protection

Changes in HIVE-4911, which is available in Hive 0.12, enable integrity protection and confidentiality protection (beyond just the default of authentication) for communication between the Hive JDBC driver and HiveServer2. You can use the SASL QOP property to configure this.

  • This is only when Kerberos is used for the HS2 client (JDBC/ODBC application) authentication with HiveServer2.
  • hive.server2.thrift.sasl.qop in hive-site.xml has to be set to one of the valid QOP values ('auth', 'auth-int' or 'auth-conf').

Python Client Driver

A Python client driver for HiveServer2 is available at (thanks, Brad). It includes all the required packages such as SASL and Thrift wrappers.

To use the pyhs2 driver:

No Format
pip install pyhs2

and then:

No Format
import pyhs2

conn = pyhs2.connect(host='localhost', 
cur = conn.cursor()
cur.execute("show tables")
for i in cur.fetch():
	print i

You can discuss this driver on the mailing list.