Overview
- This article describes how to enable PAM authentication in Hive.
- By default, there's no authentication to Hive server.
- With PAM, authentication is performed against local OS user credentials.
Procedure
Step 1 - JPam Library
- Download latest copy JPam library from http://jpam.sourceforge.net/
- Latest version is 1.1 (JPam-Linux_amd64-1.1.tgz)
- Once downloaded, create /usr/hdp/ext/lib folder in tbdrmnn1.
- Copy JPam-1.1.jar and libjpam.so to the folder above
Step 2 - Hive Server Configuration
Add following to hive-env template in Ambari:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/hdp/ext/lib
export JAVA_LIBRARY_PATH=${JAVA_LIBRARY_PATH}:/usr/hdp/ext/lib
add following to hive-site in Ambari:
hive.server2.authentication.pam.services=passwd,login
- Restart all affected services as prompted in Ambari.
Step 3 - Local System User
- Run following command to allow root group read access:
# chmod 644 /etc/login.defs# chmod 640 /etc/shadow |
- Add hive user to root group:
# usermod -a root hive |
Verification
- Create a local system user and assign it a password.
- Use the following command to access hive:
$ beeline -u jdbc:hive2://hadoop1.mylocal.net:10000 -n <user> -p <password> |
