Z0ltrix commented on pull request #2332: URL: https://github.com/apache/drill/pull/2332#issuecomment-960809785
> > > > Of course this PR is great even without working Impersonation, but for enterprise its necessary to let the enduser run the query against the storage. > > The fact that drill impersonates the proxyUser correctly against HDFS and HBase let me hope that this is also feasable for phoenix :) > > Hi @Z0ltrix. I believe that Drill uses the native support for impersonation that is built into Hadoop when it impersonates to HDFS, Hive, HBase (and MapR-DB through whatever is built into that). No other storage plugins support any impersonation yet. Also there is no support for propagating a Kerberos authn context (a TGT I guess?) over the hop from Drill to the external data source. But... we want it to be there! We are in a planning phase and talking to security guys and we want to start coding on this in November. Your input is very valuable so we'd like to keep checking in with you as we go. > > cc @cgivre Hi @dzamo , phoenix uses keytab and other stuff within the connection string: https://phoenix.apache.org/#connStr isnt this what we need? Or, the other aspect... use code from PQS for the connection to phoenix... they use some sort of proxyUser from org.apache.hadoop.security.UserGroupInformation as well: https://github.com/apache/phoenix-queryserver/blob/master/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java#L553 Regards, Christian -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
