1c2e99
@@ -136,6 +136,7 @@
 import org.apache.hadoop.hive.serde2.Deserializer;
 import org.apache.hadoop.hive.serde2.SerDeException;
 import org.apache.hadoop.hive.shims.Utils;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.util.ReflectionUtils;
 import org.apache.hadoop.util.StringUtils;
@@ -7641,6 +7642,14 @@
public static void startMetaStore(int port, HadoopThriftAuthBridge bridge,
       boolean useSSL = conf.getBoolVar(ConfVars.HIVE_METASTORE_USE_SSL);
       useSasl = conf.getBoolVar(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL);
 
+      if (useSasl) {
+        // we are in secure mode. Login using keytab
+        String kerberosName = SecurityUtil
+            .getServerPrincipal(conf.getVar(ConfVars.METASTORE_KERBEROS_PRINCIPAL), "0.0.0.0");
+        String keyTabFile = conf.getVar(ConfVars.METASTORE_KERBEROS_KEYTAB_FILE);
+        UserGroupInformation.loginUserFromKeytab(kerberosName, keyTabFile);
+      }
+
       TProcessor processor;
       TTransportFactory transFactory;
       final TProtocolFactory protocolFactory;
