@soundy Yes the feature already exists in CDH to allow HiveServer2 to be configured for both Kerberos and LDAP authentication at the same time, just like Impala.  You don't need any "testing mode" configurations or anything like that. ... View more

Kerberos authentication is a given for a secure environment.  However, it absolutely makes sense to also provide LDAP authentication for JDBC/ODBC clients.  This is common.  Currently you need to choose either Kerberos or LDAP for a single HiveServer2, but this is changing imminently to be like Impalad, where a single instance can support either authentication method.  Keep in mind that this is just authentication from clients to the service.  From that service to the rest of the internal cluster, Kerberos is used. ... View more