Kyuubi Authentication Mechanism#

In a secure cluster, services should be able to identify and authenticate callers. As the fact that the user claims does not necessarily mean this is true.

The authentication process of kyuubi is used to verify the user identity that a client used to talk to the kyuubi server. Once done, a trusted connection will be set up between the client and server if successful; otherwise, rejected.


This only authenticate whether a user or client can connect with Kyuubi server or not using the provided identity. For other secured services that this user wants to interact with, he/she also needs to pass the authentication process of each service, for instance, Hive Metastore, YARN, HDFS.

The related configurations can be found at Authentication Configurations