Impersonation

[Lunen de Lange]

Hi All,

 

I'm having issues getting impersonation to work. 

I'm trying to build in security on our Drill (1.6.0) system. I managed
to get the security user authentication to work(JPam as explained in the
documentation), but the impersonation does not seem to work. It seems to
execute and fetch via the root user regardless of who has logged in via
ODBC.

My drill-override.conf file is configured as follows:

  drill.exec: {

  cluster-id: "drillbits1",

  zk.connect: "localhost:2181",

  impersonation: {

    enabled: true,

    max_chained_user_hops: 3

  },

  security.user.auth {

      enabled: true,

     packages += "org.apache.drill.exec.rpc.user.security",

      impl: "pam",

      pam_profiles: [ "sudo", "login" ]  

  }

}

We are also only using Drill on one server, therefore I'm running
drill-embedded to start things up.
I'm starting up my Zookeeper separately. (I can see the drill instance
connect to ZK)


When I try sqlline, with the following command, I get a "No
DrillbitEndpoint can be found"
root@machinename:/opt/apache-drill-1.6.0/bin# ./sqlline -u
"jdbc:drill:schema=dfs;zk=localhost:2181;impersonation_target=user1" - n
user1 -p user1PW 

 

I have also looked at doing my own built in security, but I'm not able
to retrieve the username from a SQL query. I have tried the following
without any luck:
CURRENT_USER()
USER()
SESSION_USER()
Any ideas on this approach?

Kind regards,
 
Lunen de Lange

Big Data Developer/Project Manager

+44 (0)782 463 4516 <tel:%2B44%20%280%29782%20463%204516>  ' | Tel: +44
(0)845 468 3632 <tel:%2B44%20%280%29845%20468%203632>  | Direct: 01707
367 628 |  http://www.intenda.net <http://www.intenda.net/> 8 | 
<http://www.facebook.com/pages/Intenda/182485305152885?sk=info>  | 
<http://www.linkedin.com/company/intenda>  | 
<http://www.twitter.com/Intenda_News> 

IMPORTANT NOTICE: This communication contains information that is
confidential and may also be privileged. It is for the exclusive use of
the intended recipient(s). Any unauthorized use, alteration or
dissemination is 

prohibited. If you have received this communication in error, please
return it with the title "received in error" to 
Mailto:distribu...@intenda.net <mailto:distribu...@intenda.co.za>  <
mailto:distribu...@intenda.net <mailto:distribu...@intenda.co.za> > then
delete the email and destroy 

any copies of it. Any views expressed in this message are those of the
individual sender and not necessarily those of Intenda UK Ltd. Intenda
UK Ltd accepts no liability whatsoever for any loss whether it be
direct, 

indirect or consequential, arising from information made available and
actions resulting there from.

P         Think be4 u print