[jira] [Commented] (DRILL-4280) Kerberos Authentication

Diego (JIRA) Fri, 07 Apr 2017 11:07:13 -0700

    [ 
https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15961202#comment-15961202
 ]


Diego  commented on DRILL-4280:
-------------------------------

Hi,

I'm using drill 1.10.0 and I enabled kerberos on drill-override.conf as 
described in the documentation

     drill.exec {  
        security: {  
          user.auth.enabled:true,  
          auth.mechanisms:[“KERBEROS”],  
          auth.principal:“<username>/<FQDN>@<REALM>.COM”,  
          auth.keytab:“/etc/drill/conf/drill.keytab”  
        }  
    } 

however, when starting the drillbit process, the webserver is not starting and 
is showing this warning:

[main] WARN  o.a.drill.exec.server.rest.WebServer - Not starting web server. 
Currently Drill supports web authentication only through username/password. But 
PLAIN mechanism is not configured.


2017-04-07 13:41:18,513 [main] INFO  o.a.d.exec.server.BootStrapContext - 
Process user name: 'user' and logged in successfully as 
'<username>/<FQDN>@<REALM>.COM'
2017-04-07 13:41:18,526 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
2 classes for org.apache.drill.exec.rpc.security.AuthenticatorFactory took 2ms
2017-04-07 13:41:18,527 [main] INFO  o.a.d.e.r.s.AuthenticatorProviderImpl - 
Configured authentication mechanisms: [kerberos]
2017-04-07 13:41:18,877 [main] INFO  o.a.d.e.s.s.PersistentStoreRegistry - 
Using the configured PStoreProvider class: 
'org.apache.drill.exec.store.sys.store.provider.ZookeeperPersistentStoreProvider'.
2017-04-07 13:41:19,123 [main] INFO  o.a.d.e.r.user.UserConnectionConfig - 
Configured all user connections to require authentication using: [kerberos]
2017-04-07 13:41:19,129 [main] INFO  o.apache.drill.exec.server.Drillbit - 
Construction completed (1177 ms).
2017-04-07 13:41:19,416 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
16 classes for org.apache.drill.common.logical.data.LogicalOperator took 8ms
2017-04-07 13:41:19,424 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
10 classes for org.apache.drill.common.logical.StoragePluginConfig took 5ms
2017-04-07 13:41:19,427 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
7 classes for org.apache.drill.common.logical.FormatPluginConfig took 2ms
2017-04-07 13:41:19,576 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
63 classes for org.apache.drill.exec.physical.base.PhysicalOperator took 66ms
2017-04-07 13:41:19,682 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
37 classes for org.apache.drill.exec.physical.impl.BatchCreator took 25ms
2017-04-07 13:41:19,687 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
5 classes for org.apache.drill.exec.physical.impl.RootCreator took 2ms
2017-04-07 13:41:20,266 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
1 classes for org.apache.drill.exec.expr.fn.PluggableFunctionRegistry took 4ms
...
2017-04-07 13:41:21,041 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
114 classes for org.apache.hadoop.hive.ql.udf.generic.GenericUDF took 65ms
2017-04-07 13:41:21,405 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
68 classes for org.apache.hadoop.hive.ql.exec.UDF took 180ms
2017-04-07 13:41:21,426 [main] INFO  o.a.d.e.e.f.FunctionImplementationRegistry 
- Function registry loaded.  433 functions loaded in 1706 ms.
2017-04-07 13:41:21,434 [main] INFO  o.a.d.e.e.f.FunctionImplementationRegistry 
- Created and validated local udf directory [/tmp/drill/drillbits/udf/udf/local]
2017-04-07 13:41:21,437 [main] INFO  o.a.drill.exec.compile.CodeCompiler - 
Plain java code generation preferred: false
2017-04-07 13:41:21,612 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
9 classes for org.apache.drill.exec.store.StoragePlugin took 21ms
2017-04-07 13:41:21,760 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
6 classes for org.apache.drill.exec.store.dfs.FormatPlugin took 21ms
2017-04-07 13:41:21,775 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
7 classes for org.apache.drill.common.logical.FormatPluginConfig took 0ms
2017-04-07 13:41:21,797 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
6 classes for org.apache.drill.exec.store.dfs.FormatPlugin took 0ms
2017-04-07 13:41:21,799 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
7 classes for org.apache.drill.common.logical.FormatPluginConfig took 0ms
2017-04-07 13:41:21,799 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
7 classes for org.apache.drill.common.logical.FormatPluginConfig took 0ms
2017-04-07 13:41:21,799 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
7 classes for org.apache.drill.common.logical.FormatPluginConfig took 0ms
2017-04-07 13:41:21,820 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
6 classes for org.apache.drill.exec.store.dfs.FormatPlugin took 0ms
2017-04-07 13:41:21,823 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
7 classes for org.apache.drill.common.logical.FormatPluginConfig took 0ms
2017-04-07 13:41:21,823 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
7 classes for org.apache.drill.common.logical.FormatPluginConfig took 0ms
2017-04-07 13:41:21,823 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 
7 classes for org.apache.drill.common.logical.FormatPluginConfig took 0ms
2017-04-07 13:41:21,986 [main] INFO  o.a.d.e.e.f.r.RemoteFunctionRegistry - 
Preparing three remote udf areas: staging, registry and tmp.
2017-04-07 13:41:22,018 [main] INFO  o.a.d.e.e.f.r.RemoteFunctionRegistry - 
Created remote udf area [/drill/drillbits/udf/registry] on file system 
[file:///]
2017-04-07 13:41:22,022 [main] INFO  o.a.d.e.e.f.r.RemoteFunctionRegistry - 
Created remote udf area [/drill/drillbits/udf/staging] on file system [file:///]
2017-04-07 13:41:22,027 [main] INFO  o.a.d.e.e.f.r.RemoteFunctionRegistry - 
Created remote udf area [/drill/drillbits/udf/tmp] on file system [file:///]
2017-04-07 13:41:22,046 [main] WARN  o.a.drill.exec.server.rest.WebServer - Not 
starting web server. Currently Drill supports web authentication only through 
username/password. But PLAIN mechanism is not configured.
2017-04-07 13:41:22,047 [main] INFO  o.apache.drill.exec.server.Drillbit - 
Startup completed (2918 ms).

If kerberos is configured (o.a.d.e.r.s.AuthenticatorProviderImpl - Configured 
authentication mechanisms: [kerberos]), should the web server ask for PLAIN?


> Kerberos Authentication
> -----------------------
>
>                 Key: DRILL-4280
>                 URL: https://issues.apache.org/jira/browse/DRILL-4280
>             Project: Apache Drill
>          Issue Type: Improvement
>            Reporter: Keys Botzum
>            Assignee: Sudheesh Katkam
>              Labels: security
>             Fix For: 1.10.0
>
>
> Drill should support Kerberos based authentication from clients. This means 
> that both the ODBC and JDBC drivers as well as the web/REST interfaces should 
> support inbound Kerberos. For Web this would most likely be SPNEGO while for 
> ODBC and JDBC this will be more generic Kerberos.
> Since Hive and much of Hadoop supports Kerberos there is a potential for a 
> lot of reuse of ideas if not implementation.
> Note that this is related to but not the same as 
> https://issues.apache.org/jira/browse/DRILL-3584 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (DRILL-4280) Kerberos Authentication

Reply via email to