You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@drill.apache.org by br...@apache.org on 2017/03/17 22:36:49 UTC
drill-site git commit: fix links in kerberos security docs
Repository: drill-site
Updated Branches:
refs/heads/asf-site 294ddf0bc -> ce7e0e3de
fix links in kerberos security docs
Project: http://git-wip-us.apache.org/repos/asf/drill-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/drill-site/commit/ce7e0e3d
Tree: http://git-wip-us.apache.org/repos/asf/drill-site/tree/ce7e0e3d
Diff: http://git-wip-us.apache.org/repos/asf/drill-site/diff/ce7e0e3d
Branch: refs/heads/asf-site
Commit: ce7e0e3de9c23f9e41fb6698813a470f613de2b9
Parents: 294ddf0
Author: Bridget Bevens <bb...@maprtech.com>
Authored: Fri Mar 17 15:36:37 2017 -0700
Committer: Bridget Bevens <bb...@maprtech.com>
Committed: Fri Mar 17 15:36:37 2017 -0700
----------------------------------------------------------------------
.../index.html | 28 ++++++++++----------
docs/secure-communication-paths/index.html | 4 +--
feed.xml | 4 +--
3 files changed, 18 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/drill-site/blob/ce7e0e3d/docs/configuring-kerberos-authentication/index.html
----------------------------------------------------------------------
diff --git a/docs/configuring-kerberos-authentication/index.html b/docs/configuring-kerberos-authentication/index.html
index 02043d0..5946522 100644
--- a/docs/configuring-kerberos-authentication/index.html
+++ b/docs/configuring-kerberos-authentication/index.html
@@ -1126,7 +1126,7 @@
<div class="int_text" align="left">
- <p>In release 1.10, Drill supports Kerberos v5 network security authentication. To use Kerberos with Drill and establish connectivity, use the JDBC driver packaged with Drill 1.10.</p>
+ <p>In release 1.10 Drill supports Kerberos v5 network security authentication. To use Kerberos with Drill and establish connectivity, use the JDBC driver packaged with Drill 1.10.</p>
<p>Kerberos allows trusted hosts to prove their identity over a network to an information system. A Kerberos <em>realm</em> is unique authentication domain. A centralized <em>key distribution center (KDC)</em> coordinates authentication between a clients and servers. Clients and servers obtain and use tickets from the KDC using a special <em>keytab</em> file to communicate with the KDC and prove their identity to gain access to a drillbit. Administrators must create <em>principal</em> (user or server) identities and passwords to ensure the secure exchange of mutual authentication information passed to and from the drillbit. </p>
@@ -1239,7 +1239,7 @@
<h3 id="configuration-options">Configuration Options</h3>
-<p>The following table lists configuration options for connection URLs. See the <a href="/docs/configuring-kerberos-authentication/#Connection-URL-Examples">Connection URL Examples</a> section for sample URLs.</p>
+<p>The following table lists configuration options for connection URLs. See the Connection URL Examples section for sample URLs.</p>
<table><thead>
<tr>
@@ -1289,19 +1289,19 @@
<h3 id="connection-url-examples">Connection URL Examples</h3>
-<p>Five examples in this section show the JDBC connection URL that the embedded JDBC client uses for Kerberos authentication. The first section, <a href="/docs/configuring-kerberos-authentication/#Example-of-a-Simple-Connection-URL">Example of a Simple Connection URL</a>, includes a simple connection string and the second section, <a href="/docs/configuring-kerberos-authentication/#Examples-of-Connection-URLs-Used-with-Previously-Generated-TGTs">Examples of Connection URLs Used with Previously Generated TGTs</a>, includes examples to use with previously generated TGTs.</p>
+<p>The following five examples show the JDBC connection URL that the embedded JDBC client uses for Kerberos authentication. The first section, Example of a Simple Connection URL, includes a simple connection string and the second section, Examples of Connection URLs Used with Previously Generated TGTs, includes examples to use with previously generated TGTs.</p>
<ul>
-<li><p><a href="/docs/configuring-kerberos-authentication/#Example-1:-TGT-for-Client-Credentials">Example 1: TGT for Client Credentials</a></p></li>
-<li><p><a href="/docs/configuring-kerberos-authentication/#Example-2:-Drillbit-Provided-by-Direct-Connection-String-and-Configured-with-a-Unique-Service-Principal">Example 2: Drillbit Provided by Direct Connection String and Configured with a Unique Service Principal</a></p></li>
-<li><p><a href="/docs/configuring-kerberos-authentication/#Example-3:-Drillbit-Selected-by-ZooKeeper-and-Configured-with-a-Unique-Service-Principal">Example 3: Drillbit Selected by ZooKeeper and Configured with a Unique Service Principal</a></p></li>
-<li><p><a href="/docs/Example-4:-Drillbit-Selected-by-Zookeeper-and-Configured-with-a-Common-Service-Principal">Example 4: Drillbit Selected by Zookeeper and Configured with a Common Service Principal</a></p></li>
-<li><p><a href="/docs/configuring-plain-authentication/#Example-5:-Keytab-for-Client-Credentials">Example 5: Keytab for Client Credentials</a></p></li>
+<li>Example 1: TGT for Client Credentials<br></li>
+<li>Example 2: Drillbit Provided by Direct Connection String and Configured with a Unique Service Principal<br></li>
+<li>Example 3: Drillbit Selected by ZooKeeper and Configured with a Unique Service Principal<br></li>
+<li>Example 4: Drillbit Selected by Zookeeper and Configured with a Common Service Principal<br></li>
+<li>Example 5: Keytab for Client Credentials</li>
</ul>
<h4 id="example-of-a-simple-connection-url">Example of a Simple Connection URL</h4>
-<h5 id="example-1:-tgt-for-client-credentials">Example 1: TGT for Client Credentials</h5>
+<h5 id="example-1:-tgt-for-client-credentials">Example 1: TGT for Client Credentials</h5>
<p>The simplest way to connect using Kerberos is to generate a TGT on the client side. Only specify the service principal in the JDBC connection string for the drillbit the user wants to connect to.</p>
<div class="highlight"><pre><code class="language-text" data-lang="text">jdbc:drill:drillbit=10.10.10.10;principal=<principal for host 10.10.10.10>
@@ -1329,7 +1329,7 @@
<hr>
-<h5 id="example-2:-drillbit-provided-by-direct-connection-string-and-configured-with-a-unique-service-principal">Example 2: Drillbit Provided by Direct Connection String and Configured with a Unique Service Principal</h5>
+<h5 id="example-2:-drillbit-provided-by-direct-connection-string-and-configured-with-a-unique-service-principal">Example 2: Drillbit Provided by Direct Connection String and Configured with a Unique Service Principal</h5>
<p>This type of connection string is used when:</p>
@@ -1349,7 +1349,7 @@
<p>The internally created service principal will be <strong><code>drill/host1@<realm from TGT></code></strong>.</p>
-<h5 id="example-3:-drillbit-selected-by-zookeeper-and-configured-with-unique-service-principal">Example 3: Drillbit Selected by ZooKeeper and Configured with Unique Service Principal</h5>
+<h5 id="example-3:-drillbit-selected-by-zookeeper-and-configured-with-unique-service-principal">Example 3: Drillbit Selected by ZooKeeper and Configured with Unique Service Principal</h5>
<p>This type of connection string is used when the drillbit is chosen by ZooKeeper instead of directly from the connection string.</p>
<div class="highlight"><pre><code class="language-text" data-lang="text">jdbc:drill:zk=host01.aws.lab:5181;auth=kerberos;service_name=myDrill
@@ -1363,7 +1363,7 @@
<p>The internally created service principal will be <strong><code>myDrill/<host address from zk>@<realm from TGT></code></strong>.</p>
-<h5 id="example-4:-drillbit-selected-by-zookeeper-and-configured-with-a-common-service-principal">Example 4: Drillbit Selected by Zookeeper and Configured with a Common Service Principal</h5>
+<h5 id="example-4:-drillbit-selected-by-zookeeper-and-configured-with-a-common-service-principal">Example 4: Drillbit Selected by Zookeeper and Configured with a Common Service Principal</h5>
<p>This type of connection string is used when all drillbits in a cluster use the same principal.</p>
<div class="highlight"><pre><code class="language-text" data-lang="text">jdbc:drill:zk=host01.aws.lab:5181;auth=kerberos;service_name=myDrill;service_host=myDrillCluster
@@ -1377,7 +1377,7 @@
<p>The internally created service principal, which will be <strong><code>myDrill/myDrillCluster@<realm from TGT></code></strong>.</p>
-<h5 id="example-5:-keytab-for-client-credentials">Example 5: Keytab for Client Credentials</h5>
+<h5 id="example-5:-keytab-for-client-credentials">Example 5: Keytab for Client Credentials</h5>
<p>If a client chooses to provide its credentials in a keytab instead of a TGT, it must also provide a principal in the user parameter. In this case, realm information will be extracted from the <code>/etc/krb5.conf</code> file on the node if it is not provided in the connection URL. All other parameters can be used as shown in the preceding examples (1-4). This connection string is for the case when all drillbits in a cluster use the same principal.</p>
<div class="highlight"><pre><code class="language-text" data-lang="text">jdbc:drill:zk=host01.aws.lab:5181;auth=kerberos;service_name=myDrill;service_host=myDrillCluster;keytab=<path to keytab file>;user=<client principal>
@@ -1388,7 +1388,7 @@
<li>Will authenticate itself with the:
<ul>
-<li>keytab (<strong><code>path to keytab file</code></strong>) and </li>
+<li>Keytab (<strong><code>path to keytab file</code></strong>) and </li>
<li>Principal provided in the user parameter (<strong><code>client principal</code></strong>)</li>
</ul></li>
<li>Uses the:
http://git-wip-us.apache.org/repos/asf/drill-site/blob/ce7e0e3d/docs/secure-communication-paths/index.html
----------------------------------------------------------------------
diff --git a/docs/secure-communication-paths/index.html b/docs/secure-communication-paths/index.html
index 2e3bd6a..de83495 100644
--- a/docs/secure-communication-paths/index.html
+++ b/docs/secure-communication-paths/index.html
@@ -1133,7 +1133,7 @@
<li>C++ client to drillbit</li>
<li>Java client to drillbit</li>
<li>Java client and drillbit to ZooKeeper</li>
-<li>Drillbit to storage plugin<br></li>
+<li>Drillbit to storage plugin</li>
</ol>
<p><img src="/docs/img/secure-communication-paths.png" alt="secure comm paths"></p>
@@ -1254,7 +1254,7 @@
<tr>
<td>Impersonation</td>
<td>While accessing Hive Metastore, Hive impersonation setting in the storage plugin configuration overrides Drill\u2019s impersonation setting. While scanning data in Hive, Drill impersonation is applied.</td>
-<td>Configuring User Impersonation</td>
+<td><a href="/docs/configuring-user-impersonation">Configuring User Impersonation</a></td>
</tr>
<tr>
<td>Authorization</td>
http://git-wip-us.apache.org/repos/asf/drill-site/blob/ce7e0e3d/feed.xml
----------------------------------------------------------------------
diff --git a/feed.xml b/feed.xml
index 9bab017..5dcbc6e 100644
--- a/feed.xml
+++ b/feed.xml
@@ -6,8 +6,8 @@
</description>
<link>/</link>
<atom:link href="/feed.xml" rel="self" type="application/rss+xml"/>
- <pubDate>Fri, 17 Mar 2017 14:10:10 -0700</pubDate>
- <lastBuildDate>Fri, 17 Mar 2017 14:10:10 -0700</lastBuildDate>
+ <pubDate>Fri, 17 Mar 2017 15:33:49 -0700</pubDate>
+ <lastBuildDate>Fri, 17 Mar 2017 15:33:49 -0700</lastBuildDate>
<generator>Jekyll v2.5.2</generator>
<item>