You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/src/hive3.md
+16Lines changed: 16 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,6 +14,22 @@ The **client.pool-size** property is optional and specifies the size of the HMS
14
14
15
15
The **root** property is optional and specifies the storage root location of the lakehouse on Hive catalog. Default value is the current working directory.
16
16
17
+
The **hive.metastore.sasl.enabled** property is optional. When set to `true`, the Python Hive3 implementation uses Kerberos SASL to connect to Hive Metastore instead of a plain Thrift transport.
18
+
19
+
The **hive.metastore.kerberos.principal** property is optional and may be used to derive the Kerberos service name from the metastore service principal, such as `hive-metastore/_HOST@EXAMPLE.COM`.
20
+
21
+
The **kerberos.service-name** property is optional and overrides the Kerberos service name used for SASL negotiation.
22
+
23
+
The **kerberos.client-principal** property is optional and specifies the Kerberos client principal to use during SASL negotiation. If omitted, the default local Kerberos credentials are used.
24
+
25
+
## Authentication
26
+
27
+
For Kerberos-secured Hive Metastore deployments with `hive.metastore.sasl.enabled=true`, clients must have valid Kerberos credentials available before opening the namespace connection.
28
+
29
+
For the Python implementation, enabling `hive.metastore.sasl.enabled=true` switches the metastore wrapper to a Kerberos SASL transport.
30
+
31
+
For the Java implementation, Kerberos-related Hive Metastore settings are typically provided through the Hadoop `Configuration` used to initialize the namespace.
0 commit comments