https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-enable-Hive-SASL-on-kerberized-cluster/m-p/118348#M22321 <P>hive.server2.thrift.sasl.qop in <CODE>hive-site.xml</CODE> has to be set to one of the valid QOP values ('auth', 'auth-int' or 'auth-conf').</P><P><A href="https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2#SettingUpHiveServer2-Integrity/ConfidentialityProtection" target="_blank">https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2#SettingUpHiveServer2-Integrity/ConfidentialityProtection</A></P><P>Then use as for example:</P><PRE>jdbc:hive://hostname/dbname;sasl.qop=auth-int|auth|auth-conf jdbc:hive2://sandbox.hortonworks.com:10001/default;principal=hive/sandbox.hortonworks.com@HORTONWORKS.COM?transportMode=http;httpPath=cliservice;auth=kerberos;sasl.qop=auth-int</PRE><P>See </P><P><A href="https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.4/bk_Security_Guide/content/ch_wire-connect.html" target="_blank">https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.4/bk_Security_Guide/content/ch_wire-connect.html</A></P> Wed, 09 Mar 2016 11:43:30 GMT amcbarnett 2016-03-09T11:43:30Z https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-enable-Hive-SASL-on-kerberized-cluster/m-p/118347#M22320 <P>On kerberized cluster I understand for j/odbc via TCP only SASL is supported. How do i enabled SASL via ambari for hiveserver2. I only see SSL button.</P> Wed, 09 Mar 2016 11:29:12 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-enable-Hive-SASL-on-kerberized-cluster/m-p/118347#M22320 sunile_manjee 2016-03-09T11:29:12Z https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-enable-Hive-SASL-on-kerberized-cluster/m-p/118348#M22321 <P>hive.server2.thrift.sasl.qop in <CODE>hive-site.xml</CODE> has to be set to one of the valid QOP values ('auth', 'auth-int' or 'auth-conf').</P><P><A href="https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2#SettingUpHiveServer2-Integrity/ConfidentialityProtection" target="_blank">https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2#SettingUpHiveServer2-Integrity/ConfidentialityProtection</A></P><P>Then use as for example:</P><PRE>jdbc:hive://hostname/dbname;sasl.qop=auth-int|auth|auth-conf jdbc:hive2://sandbox.hortonworks.com:10001/default;principal=hive/sandbox.hortonworks.com@HORTONWORKS.COM?transportMode=http;httpPath=cliservice;auth=kerberos;sasl.qop=auth-int</PRE><P>See </P><P><A href="https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.4/bk_Security_Guide/content/ch_wire-connect.html" target="_blank">https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.4/bk_Security_Guide/content/ch_wire-connect.html</A></P> Wed, 09 Mar 2016 11:43:30 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-enable-Hive-SASL-on-kerberized-cluster/m-p/118348#M22321 amcbarnett 2016-03-09T11:43:30Z https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-enable-Hive-SASL-on-kerberized-cluster/m-p/118349#M22322 <P><A rel="user" href="https://community.cloudera.com/users/369/amcbarnett.html" nodeid="369">@Ancil McBarnett</A> Awesome feedback! I have follow up (maybe I will ask another HCC question). Can client connect using a lower standard like auth-int or auth if hive.server2.thrift.sasl.qop is set to auth-conf on hiveserver2?</P> Wed, 09 Mar 2016 12:38:05 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-enable-Hive-SASL-on-kerberized-cluster/m-p/118349#M22322 sunile_manjee 2016-03-09T12:38:05Z https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-enable-Hive-SASL-on-kerberized-cluster/m-p/118350#M22323 <P>Hi <A rel="user" href="https://community.cloudera.com/users/1486/smanjee.html" nodeid="1486">@Sunile Manjee</A> please ask the follow on as a separate question. </P> Wed, 09 Mar 2016 22:37:24 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-enable-Hive-SASL-on-kerberized-cluster/m-p/118350#M22323 mherring 2016-03-09T22:37:24Z