We only allow the anonymous connection via JDBC from a specific host designated to run application jobs against Hive.
For end user connections, we use Cloudera’s Hue interface which has specific user ID/password level authentication. It’s not a bad web based client tool at all. Not as robust as Toad, which we use on other databases, but quite workable for our end users. https://ccp.cloudera.com/display/HUE/Hue+Open+Source+Applications+User+Guide End users are not allowed to have a login on the app host. Yes, in theory, a determined end user could hack their way into the application host and launch anon JDBC from there … but we feel the security on the app host tight enough to mitigate this risk and our internal process to get a legit end user login to Hue isn’t hard at all. Air tight, no. Better than just allowing any old user connected to the network make anon JDBC connections, yes. --- Mark E. Sunderlin Solutions Architect |AOLCore Data Technologies P: 703-256-6935 | C: 540-327-6222 | AIM: MESunderlin 22000 AOL Way | Dulles, VA | 20166 From: Shantian Purkad [mailto:[email protected]] Sent: Wednesday, February 01, 2012 11:32 AM To: [email protected] Subject: Re: Hive Security Yes, you are right! Toad (at least my version) does not give an option to specific user/password. Is there any other way (may be using other SQL editors) that we can enforce user id/password on Hive? Also how do we set up users on hive? Regards, Shantian ________________________________ From: Amit Sharma <[email protected]> To: [email protected] Cc: Shantian Purkad <[email protected]> Sent: Tuesday, January 31, 2012 11:55 AM Subject: Re: Hive Security Toad uses JDBC only while connecting as a direct Hive Connection from Eclipse. In most other cases where a Hub is involved it uses Thrift. On the other hand in the current release of Toad for Cloud there is no way to specify what hive user you want to connect as and hence it always connects as the User with which the hive server is running, and connects to the default database. What version of Toad for Cloud are you using? Thanks, Amit On Tue, Jan 31, 2012 at 10:59 AM, Sriram Krishnan <[email protected]<mailto:[email protected]>> wrote: I was under the impression that Toad uses JDBC – and AFAIK there is no way to authenticate users via JDBC using the HiveServer. FYI - https://issues.apache.org/jira/browse/HIVE-2539. BTW if anyone has a solution to this, I would be very interested to know as well. Sriram From: Shantian Purkad <[email protected]<mailto:[email protected]>> Reply-To: <[email protected]<mailto:[email protected]>>, Shantian Purkad <[email protected]<mailto:[email protected]>> Date: Tue, 31 Jan 2012 10:20:04 -0800 To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Hive Security Hi, We are running Hive server and connecting to it through Toad. Everything works fine. Now we want to enable authentication on the hive server. The hive server indicates that we can specify user id password while connecting to it. Can someone please guide on how can we create and set users on hive server? Regards, Shantian
