Security options for Hive in Azure HDInsight
This document describes the recommended security options for Hive in HDInsight. These options can be configured through Ambari.
For standard clusters, the recommended setting for HiveServer2 authentication is the default, which is none. To enable authentication, we recommend upgrading to an ESP (Enterprise Security Package) cluster.
For ESP clusters, Kerberos authentication is enabled by default. Pluggable Authentication Modules (PAM) and custom authentication schemes aren't supported.
For standard clusters, the default setting is None. SqlStdAuth (SQL Standards Based Authorization) can be enabled. Authorization through Apache Ranger isn't supported for standard clusters. We recommend upgrading to an ESP cluster for Ranger Authorization.
For ESP clusters, authorization through Ranger is enabled by default.
Enabling Hiveserver2 SSL is not recommended for either standard or ESP clusters. SSL is enabled on the gateway instead. Encryption in transit can be enabled to encrypt communications among the cluster nodes using Internet Protocol Security (IPSec).