Running in HTTP mode
Starting in Hive 0.13, HiveServer2 provides support for sending Thrift RPC messages over http HTTP transport (HIVE-4752). This is particularly useful to support a proxying intermediary between the client and the server (for example, for load balancing or security reasons). Currently, you can run HiveServer2 in either TCP mode or the HTTP mode, but not in both. For the corresponding JDBC urlURL, check this link: HiveServer2 Clients -- JDBC urlConnection URLs. Use the following settings to enable http HTTP mode:
hive.server2.transport.mode – Set this to http.
HiveServer2 supports Anonymous (no authentication), Kerberos, pass through LDAP, Pluggable Custom Authentication and Pluggable Authentication Modules (PAM, supported Hive 0.13 onwards).
hive.server2.authentication – Authentication mode, default NONE. Options are NONE, KERBEROS, LDAP, PAM and CUSTOM.
hive.server2.authentication.kerberos.principal – Kerberos principal for server.
hive.server2.authentication.kerberos.keytab – Keytab for server principal.
hive.server2.authentication.ldap.url – LDAP urlURL.
hive.server2.authentication.ldap.baseDN – LDAP base DN.
hive.server2.custom.authentication.class – Custom authentication class that implements org.apache.hive.service.auth.PasswdAuthenticationProvider interface.
Changes in HIVE-5351, which will be available in Hive 0.13, provides support for SSL encryption. To enable, set the following configurations in in
hive.server2.use.SSL – Set this to true.
hive.server2.keystore.path – Set this to your keystore path.
hive.server2.keystore.password – Set this to your keystore password.
- Download the JPAM native library for the relevant architecture.
- Unzip and copy libjpam.so to a directory (<libjmap-directory>) on the system.
- Add the directory to the LD_LIBRARY_PATH environment variable like so: export
Finally, set the following configurations in in
hive.server2.authentication – Set this to PAM.
hive.server2.authentication.pam.services – Set this to a list of comma-separated PAM services that will be used. Note that a file with the same name as the PAM service must exist in /etc/pam.d.