[
https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15452899#comment-15452899
]
ASF GitHub Bot commented on DRILL-4280:
---------------------------------------
GitHub user sudheeshkatkam opened a pull request:
https://github.com/apache/drill/pull/578
DRILL-4280: Kerberos Authentication
I am posting these changes from review. There are four commits in this pull
request. All changes squashed are in [this
branch](https://github.com/sudheeshkatkam/drill/tree/DRILL-4280-squashed).
There are 4 more commits that are in the squashed branch but not in this PR
(tests, client changes including C++, etc.)
The last commit (not here yet) will move forward the RPC version that will
starting using SASL for authentication.
Please refer to the design doc for details.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/sudheeshkatkam/drill DRILL-4280-PR
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/drill/pull/578.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #578
----
commit e4b0c6afdc358123fc6b6e911cf37ec347bda242
Author: Sudheesh Katkam <[email protected]>
Date: 2016-07-25T21:48:15Z
DRILL-4280: HYGIENE
+ Pass references of BootstrapContext to ServiceEngine and down
commit 27a1638e2f2eb3aaf582c3d3398960d6dcee979b
Author: Sudheesh Katkam <[email protected]>
Date: 2016-07-25T22:47:37Z
DRILL-4280: CORE
+ Define SaslStatus and SaslMessage messages in protocol
+ Add new "authenticationMechanisms" field to BitToUserHandshake
commit 409318de6b7b73467c8d1052c7e5eacb72cbeb07
Author: Sudheesh Katkam <[email protected]>
Date: 2016-07-26T21:42:49Z
DRILL-4280: CORE
+ Add new RequestHandler interface, and two implementations used in
UserServer to handle authentication first and then query requests
+ UserAuthenticationHandler handles SASL messages on server side
+ Move UserServer#handle logic to UserServerRequestHandler
+ Add authenticate method in UserClient
commit 692755b3991c33a501cc36238d9f9c04f66fe068
Author: Sudheesh Katkam <[email protected]>
Date: 2016-08-31T17:40:53Z
DRILL-4280: CORE
+ Add AuthenticationMechanism interface
+ Kerberos implementation
+ includes SaslServer and SaslClient wrappers
+ Plain implementation
+ PlainServer implements SaslServer (unavailable in Java)
for username/password based authentication
+ retrofit user authenticator
+ add logic for backward compatibility
+ Custom SASL mechanisms are discovered through the SaslMechanism
annotation
+ FastSaslServerFactory caches SaslServer factories
----
> Kerberos Authentication
> -----------------------
>
> Key: DRILL-4280
> URL: https://issues.apache.org/jira/browse/DRILL-4280
> Project: Apache Drill
> Issue Type: Improvement
> Reporter: Keys Botzum
> Assignee: Sudheesh Katkam
> Labels: security
>
> Drill should support Kerberos based authentication from clients. This means
> that both the ODBC and JDBC drivers as well as the web/REST interfaces should
> support inbound Kerberos. For Web this would most likely be SPNEGO while for
> ODBC and JDBC this will be more generic Kerberos.
> Since Hive and much of Hadoop supports Kerberos there is a potential for a
> lot of reuse of ideas if not implementation.
> Note that this is related to but not the same as
> https://issues.apache.org/jira/browse/DRILL-3584
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
