To force clients to authenticate with the metastore server using Kerberos, we can set the following three properties in the hive-site.xml file and then restart the metastore server to make it work:
- Enable the Simple Authentication and Security Layer (SASL) framework to enforce client Kerberos authentication, as follows:
<property> <name>hive.metastore.sasl.enabled</name> <value>true</value> <description>If true, the metastore thrift interface will be secured with SASL framework. Clients must authenticate with Kerberos.</description> </property>
- Specify the Kerberos keytab generated. Override the following example if you want to keep the file in other places. Make sure the keytab file permission mask is set to ...