Delegating Authentication to a Specific User

Some Hive Server 2 instances can delegate all operations against Hive to a specified user, rather than to the authenticated user for the connection.

To delegate all operations to a specified user:

  1. Choose one:
    • To access authentication options for a DSN, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, and then click Configure.
    • Or, to access authentication options for a DSN-less connection, open the Simba Hive ODBC Driver Configuration tool.
  2. In the Delegation UID field, type the name of the user to be delegated.
  3. To save your settings and close the dialog box, click OK.

If the server returns an error message such as "Failed to validate proxy privilege of [RealUser] for [DelegationUID]", you may need to modify the server's core-site.xml configuration file, as follows:

  1. In the server's core-site.xml configuration file, add the following properties:

    hadoop.proxyuser.[RealUser].groups=*

    hadoop.proxyuser.[RealUser].hosts=*

    Where [RealUser] is the authenticated user for the connection.

  2. If you are using Kerberos authentication, then in the server's core-site.xml configuration file, add the following properties:

    hadoop.proxyuser.[Principal].groups=*

    hadoop.proxyuser.[Principal].hosts=*

    Where [Principal] is the primary Kerberos principal user. For example, if the primary Kerberos principal user is kerbuser@example.com, replace [Principal] with kerbuser.

For more information on resolving this error, see your Hive Server documentation.
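
An added example (not part of the driver or Hive Server documentation): a small Python check that reads a core-site.xml and reports how far each hadoop.proxyuser rule reaches, since the * values above let [RealUser] act for any user from any host. The sample file, the etl account and its group and host names are constructed for illustration, and the users scope is a standard Hadoop proxyuser property that this page does not mention.

```python
import xml.etree.ElementTree as ET

# Constructed sample core-site.xml: "hive" uses the wildcard values from the
# steps above; "etl" is restricted (its group and host names are made up).
SAMPLE_CORE_SITE = """<configuration>
  <property><name>hadoop.proxyuser.hive.groups</name><value>*</value></property>
  <property><name>hadoop.proxyuser.hive.hosts</name><value>*</value></property>
  <property><name>hadoop.proxyuser.etl.groups</name><value>analysts</value></property>
  <property><name>hadoop.proxyuser.etl.hosts</name><value>hs2.example.com</value></property>
  <property><name>fs.defaultFS</name><value>hdfs://nn.example.com:8020</value></property>
</configuration>"""

PREFIX = "hadoop.proxyuser."
SCOPES = ("groups", "hosts", "users")


def proxyuser_rules(core_site_xml):
    """Return {real_user: {scope: [values]}} for every hadoop.proxyuser.* property."""
    rules = {}
    for prop in ET.fromstring(core_site_xml).iter("property"):
        name = (prop.findtext("name") or "").strip()
        value = (prop.findtext("value") or "").strip()
        if not name.startswith(PREFIX):
            continue
        # The real user may itself contain dots, so split the scope off the right.
        real_user, _, scope = name[len(PREFIX):].rpartition(".")
        if real_user and scope in SCOPES:
            values = [v.strip() for v in value.split(",") if v.strip()]
            rules.setdefault(real_user, {})[scope] = values
    return rules


def audit(core_site_xml):
    """Return sorted (real_user, finding) pairs describing each rule's reach."""
    findings = []
    for user, scopes in proxyuser_rules(core_site_xml).items():
        wild = sorted(s for s, vals in scopes.items() if "*" in vals)
        if "hosts" in wild and ({"groups", "users"} & set(wild)):
            findings.append((user, "may impersonate any user from any host"))
        elif wild:
            findings.append((user, "wildcard in: " + ", ".join(wild)))
        else:
            findings.append((user, "restricted"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_CORE_SITE):
        print(f"{user}: {finding}")
```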