本文介绍了一种使用Credential Provider来安全地存储Hive Metastore密码的方法,通过创建密码别名并更新Hive配置文件,可以有效地提高Hive系统的安全性。
1.Set up the CredentialProvider to store the Hive Metastore password, using the key javax.jdo.option.ConnectionPassword (the same key as used in the Hive configuration).
$ hadoop credential create javax.jdo.option.ConnectionPassword -provider jceks://file/usr/lib/hive/conf/hive.jceks
Enter password:
Enter password again:
javax.jdo.option.ConnectionPassword has been successfully created.
org.apache.hadoop.security.alias.JavaKeyStoreProvider has been updated.
2.Update the Hive configuration to use the designated CredentialProvider. For example to use our /usr/lib/hive/conf/hive.jceks file:
<!-- Configure credential store for passwords-->
<property>
<name>hadoop.security.credential.provider.path</name>
<value>jceks://file/usr/lib/hive/conf/hive.jceks</value>
</property>
3.Remove the Hive Metastore password entry (javax.jdo.option.ConnectionPassword) from the Hive configuration. The CredentialProvider will be used instead.
4.Restart Hive Metastore Server/HiveServer2.
扫一扫
6万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
