Configuring Hive for SCRAM Token Authentication
This topic describes the manual and automatic options to configure Hive for SCRAM token authentication.
Starting from EEP 8.1.0, Hive supports SCRAM token and SCRAM-SHA-256 authentication in HPE Ezmeral Data Fabric.
# | Property | Data Type | Default value | Description |
1 | hive.delegation.token.authentication | String | DIGEST | Delegation token authentication method. Possible values are DIGEST, SCRAM |
To connect to HiveServer2 on EEP 8.1.0 from Hive
client on EEP 8.0.x, set
hive.delegation.token.authentication
property in HPE Ezmeral Data Fabric.
Manually Configuring SCRAM Token Authentication
<property>
<name>hive.delegation.token.authentication</name>
<value>SCRAM</value>
</property>
The default value for hive.delegation.token.authentication
is DIGEST.
hive.delegation.token.authentication
for Hive, configure Hadoop for
SCRAM:- Set the value of
hadoop.security.token.authentication.method
property toSCRAM-SHA-256
inyarn-site.xml
file. - Set
scram.password
property and ensure encrypted password file is available in file system.
Auto Configuring SCRAM Token Authentication
Execute MAPR_HOME/server/configure.sh -R
script on a newly installed
MapR-SASL or KERBEROS secured cluster to automatically configure the following
authentications:
- For a FIPS enabled cluster, Hive configures
hive.delegation.token.authentication=SCRAM
authentication. - For a non-FIPS cluster if you configure Hadoop with
hadoop.security.token.authentication.method=SCRAM
authentication, Hive configures the SCRAM authentication. - For other clusters, Hive configures
hive.delegation.token.authentication=DIGEST
authentication.
For non-secure clusters, Hive configures
hive.delegation.token.authentication=DIGEST
authentication.
You can see hive.delegation.token.authentication
property in
HIVE_HOME/conf/hive-site.xml when you execute
configure.sh
command on newly installed cluster.
When you upgrade Hive, the upgrade does not update the value of the set
hive.delegation.token.authentication
property.
Manually set the value of hive.delegation.token.authentication
property
when you change the cluster settings from FIPS to non-FIPS or from non-FIPS to FIPS.