Support DIGEST-MD5 / delegation token authentication for HMS

### Feature Request / Improvement

#### Summary
PyIceberg's HiveCatalog supports Kerberos (GSSAPI) authentication via `hive.kerberos-authentication`, but does not support DIGEST-MD5 SASL authentication with Hadoop delegation tokens. In many production Hadoop environments, pods/containers authenticate to HMS using delegation tokens (read from `$HADOOP_TOKEN_FILE_LOCATION`) rather than Kerberos keytabs. This means PyIceberg's Hive catalog cannot be used in these environments without building a custom client.

#### Proposed Enhancement
Extend `_HiveClient` to support DIGEST-MD5 delegation token auth:
 1. Add a new config property (e.g. `hive.metastore.authentication=DIGEST-MD5`)
 2. When DIGEST-MD5 is configured, read credentials from  `$HADOOP_TOKEN_FILE_LOCATION` (Hadoop Writable credentials format)
 3. Use `TSaslClientTransport` with mechanism=DIGEST-MD5 and the extracted token identifier/password

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support DIGEST-MD5 / delegation token authentication for HMS #3145

Feature Request / Improvement

Summary

Proposed Enhancement

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Support DIGEST-MD5 / delegation token authentication for HMS #3145

Description

Feature Request / Improvement

Summary

Proposed Enhancement

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions