HiveMetastoreClient must support kerberos secure user impersonation through thrift API

The HiveMetastoreClient works fine when dealing with HDFS and MR and allows users to run hive queries with a client session as Hadoop proxy user. The problem is when there's secure remote metastore, impersonated client sessions through the thrift API can't establish a secure connection since it doesn't have the actual kerberos context of the user it is impersonating.

It sounds like the metastore client is lacking this support for secure impersonation and many projects have been coding around the problem. HUE-1037 talks about this same issue, but they work around it by switching to digest authentication instead of Kerberos.