Security options for Hive in Azure HDInsight
This document describes the recommended security options for Hive in HDInsight. These options can be configured through Ambari.
HiveServer2 authentication
For standard clusters, the recommended setting for HiveServer2 authentication is the default, which is none. To enable authentication, we recommend upgrading to an ESP (Enterprise Security Package) cluster.
For ESP clusters, Kerberos authentication is enabled by default. Pluggable Authentication Modules (PAM) and custom authentication schemes aren't supported.
HiveServer2 authorization
For standard clusters, the default setting is None. SqlStdAuth (SQL Standards Based Authorization) can be enabled. Authorization through Apache Ranger isn't supported for standard clusters. We recommend upgrading to an ESP cluster for Ranger Authorization.
For ESP clusters, authorization through Ranger is enabled by default.
SSL Encryption for HiveServer2
Enabling Hiveserver2 SSL isn't recommended for either standard or ESP clusters. SSL is enabled on the gateway instead. Encryption in transit can be enabled to encrypt communications among the cluster nodes using Internet Protocol Security (IPSec).
Next steps
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for