Major Description
In Oozie, we pass "-a delegationToken" in the command line when we invoke Beeline in a Hive action.
In one of our test, we accidentally defined "principal=" in the JDBC URL. In this case, HiveConnection ignored the delegation token setting and tried to authenticate via Kerberos, which didn't work inside a YARN container. We found this behavior very confusing.
So either BeeLine itself should detect such inconsistencies or alternatively HiveConnection could take care of it. Looking at the code, the "-a delegationToken" does not matter that much inside HiveConnection.createBinaryTransport() - if there's a principal, it will use Kerberos, then it looks for delegation tokens, then finally it falls back to plain authentication.