Supported Authentication Methods v2.0.7

Edit this page

The Hadoop Foreign Data Wrapper supports NOSASL and LDAP authentication modes. To use NOSASL, do not specify any OPTIONS while creating user mapping. For LDAP authentication mode, specify username and password in OPTIONS while creating user mapping.

Using LDAP Authentication

When using the Hadoop Foreign Data Wrapper with LDAP authentication, you must first configure the Hive Server or Spark Server to use LDAP authentication. The configured server must provide a hive-site.xml file that includes the connection details for the LDAP server. For example:

    Expects one of [nosasl, none, ldap, kerberos, pam, custom].
    Client authentication types.
      NONE: no authentication check
      LDAP: LDAP/AD based authentication
      KERBEROS: Kerberos/GSSAPI authentication
      CUSTOM: Custom authentication provider
              (Use with property hive.server2.custom.authentication.class)
      PAM: Pluggable authentication module
      NOSASL:  Raw transport
  <description>LDAP connection URL</description>
  <description>LDAP base DN</description>

Then, when starting the hive server, include the path to the hive-site.xml file in the command. For example:

./hive --config path_to_hive-site.xml_file --service hiveServer2

Where path_to_hive-site.xml_file specifies the complete path to the hive‑site.xml file.

When creating the user mapping, you must provide the name of a registered LDAP user and the corresponding password as options. For details, see Create User Mapping.

Using NOSASL Authentication

When using NOSASL authentication with the Hadoop Foreign Data Wrapper, set the authorization to None, and the authentication method to NOSASL on the Hive Server or Spark Server. For example, if you start the Hive Server at the command line, include the hive.server2.authentication configuration parameter in the command:

hive --service hiveserver2 --hiveconf hive.server2.authentication=NOSASL