You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@drill.apache.org by Niko Arvilommi <ni...@olentolife.com> on 2015/12/07 16:04:46 UTC
Rest & web authentication
Hi
Is it possible to secure the WEB UI and REST api with password or similiar methods. Shared keys or something ?
It seems to be too open if it not possible
Best Niko Arvilommi
Re: Rest & web authentication
Posted by Sudheesh Katkam <sk...@maprtech.com>.
Hi John,
MapR Drill 1.3 has the web authentication feature (DRILL-3201), whereas Apache Drill 1.3 does not.
Thank you,
Sudheesh
> On Dec 7, 2015, at 11:16 AM, John Omernik <jo...@omernik.com> wrote:
>
> This is really odd to me. I have 1.3 (Compiled by MapR) running on my
> cluster right now. I added libjpam.so to my java.library.path, and I have
> ldap configured on the nodes in pam. When I hit the Web UI (via HTTPS,
> HTTP is disabled) I get prompt for user name and the authentication goes
> against the pam on the system, allowing me in. Only the user running the
> drill bits has "admin" functions in Drill, other users only see a subset of
> tabs (Query, Profiles, Metrics) (the Drillbit user has Query, profiles,
> storage, metrics, and threads).
>
> This is also true with the RestAPI. I have to authenticate to use it at
> this point. I just do forms authentication using the python requests
> module. (I feel like it should accept basic auth over SSL for API good
> ness, but my hack works)
>
> Thus, I feel like it's been secured fairly well (SSL, Authentication, Users
> etc). So I do not understand why DRILL-3201 says 1.5, and while it's
> stated that Web Authentication is not available yet...
>
>
>
>
>
> On Mon, Dec 7, 2015 at 11:13 AM, Andries Engelbrecht <
> aengelbrecht@maprtech.com> wrote:
>
>> This topic came up a while ago and there was a bit of confusion.
>>
>> See the discussion thread here for more info.
>>
>> http://search-hadoop.com/m/qRVAXir9Do1qHni72&subj=How+to+setup+user+authentication+for+the+WebUI+
>> <
>> http://search-hadoop.com/m/qRVAXir9Do1qHni72&subj=How+to+setup+user+authentication+for+the+WebUI+
>>>
>>
>> Sudheesh listed the JIRA to track it.
>>
>> --Andries
>>
>>
>>
>>> On Dec 7, 2015, at 8:32 AM, Sudheesh Katkam <sk...@maprtech.com>
>> wrote:
>>>
>>> Hi Niko,
>>>
>>> Web authentication is not available yet; DRILL-3201 <
>> https://issues.apache.org/jira/browse/DRILL-3201> is being reviewed. The
>> doc pages are ahead.
>>>
>>> Thank you,
>>> Sudheesh
>>>
>>>> On Dec 7, 2015, at 7:06 AM, Keys Botzum <kb...@maprtech.com> wrote:
>>>>
>>>> I think this answers your question (the answer is yes according to the
>> docs):
>>>>
>>>>
>> https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/
>> <
>> https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/
>>>
>>>>
>>>> Keys
>>>> _______________________________
>>>> Keys Botzum
>>>> Senior Principal Technologist
>>>> kbotzum@maprtech.com <ma...@maprtech.com>
>>>> 443-718-0098
>>>> MapR Technologies
>>>> http://www.mapr.com <http://www.mapr.com/>
>>>>> On Dec 7, 2015, at 10:04 AM, Niko Arvilommi <ni...@olentolife.com>
>> wrote:
>>>>>
>>>>> Hi
>>>>>
>>>>> Is it possible to secure the WEB UI and REST api with password or
>> similiar methods. Shared keys or something ?
>>>>> It seems to be too open if it not possible
>>>>>
>>>>> Best Niko Arvilommi
>>>>
>>>
>>
>>
Re: Rest & web authentication
Posted by John Omernik <jo...@omernik.com>.
Ahh I see. That explains that. Will it only be included in Drill 1.5 and
greater? That seems a ways out... it's a great feature :)
On Mon, Dec 7, 2015 at 1:55 PM, Kristine Hahn <kh...@maprtech.com> wrote:
> Drill on MapR has the features you're describing:
>
> http://doc.mapr.com/display/MapR/Configuring+Web+Console+and+REST+API+Security
> .
> The differences between the open source and MapR versions are listed on
> http://doc.mapr.com/display/components/Drill+1.2.0+Release+Notes.
>
> The web security feature was designed to be included in the open source
> version and is now be reviewed for inclusion:
> https://issues.apache.org/jira/browse/DRILL-3201
>
> Kristine Hahn
> Sr. Technical Writer
> 415-497-8107 @krishahn skype:krishahn
>
>
> On Mon, Dec 7, 2015 at 11:16 AM, John Omernik <jo...@omernik.com> wrote:
>
> > This is really odd to me. I have 1.3 (Compiled by MapR) running on my
> > cluster right now. I added libjpam.so to my java.library.path, and I
> have
> > ldap configured on the nodes in pam. When I hit the Web UI (via HTTPS,
> > HTTP is disabled) I get prompt for user name and the authentication goes
> > against the pam on the system, allowing me in. Only the user running the
> > drill bits has "admin" functions in Drill, other users only see a subset
> of
> > tabs (Query, Profiles, Metrics) (the Drillbit user has Query, profiles,
> > storage, metrics, and threads).
> >
> > This is also true with the RestAPI. I have to authenticate to use it at
> > this point. I just do forms authentication using the python requests
> > module. (I feel like it should accept basic auth over SSL for API good
> > ness, but my hack works)
> >
> > Thus, I feel like it's been secured fairly well (SSL, Authentication,
> Users
> > etc). So I do not understand why DRILL-3201 says 1.5, and while it's
> > stated that Web Authentication is not available yet...
> >
> >
> >
> >
> >
> > On Mon, Dec 7, 2015 at 11:13 AM, Andries Engelbrecht <
> > aengelbrecht@maprtech.com> wrote:
> >
> > > This topic came up a while ago and there was a bit of confusion.
> > >
> > > See the discussion thread here for more info.
> > >
> > >
> >
> http://search-hadoop.com/m/qRVAXir9Do1qHni72&subj=How+to+setup+user+authentication+for+the+WebUI+
> > > <
> > >
> >
> http://search-hadoop.com/m/qRVAXir9Do1qHni72&subj=How+to+setup+user+authentication+for+the+WebUI+
> > > >
> > >
> > > Sudheesh listed the JIRA to track it.
> > >
> > > --Andries
> > >
> > >
> > >
> > > > On Dec 7, 2015, at 8:32 AM, Sudheesh Katkam <sk...@maprtech.com>
> > > wrote:
> > > >
> > > > Hi Niko,
> > > >
> > > > Web authentication is not available yet; DRILL-3201 <
> > > https://issues.apache.org/jira/browse/DRILL-3201> is being reviewed.
> The
> > > doc pages are ahead.
> > > >
> > > > Thank you,
> > > > Sudheesh
> > > >
> > > >> On Dec 7, 2015, at 7:06 AM, Keys Botzum <kb...@maprtech.com>
> wrote:
> > > >>
> > > >> I think this answers your question (the answer is yes according to
> the
> > > docs):
> > > >>
> > > >>
> > >
> >
> https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/
> > > <
> > >
> >
> https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/
> > > >
> > > >>
> > > >> Keys
> > > >> _______________________________
> > > >> Keys Botzum
> > > >> Senior Principal Technologist
> > > >> kbotzum@maprtech.com <ma...@maprtech.com>
> > > >> 443-718-0098
> > > >> MapR Technologies
> > > >> http://www.mapr.com <http://www.mapr.com/>
> > > >>> On Dec 7, 2015, at 10:04 AM, Niko Arvilommi <ni...@olentolife.com>
> > > wrote:
> > > >>>
> > > >>> Hi
> > > >>>
> > > >>> Is it possible to secure the WEB UI and REST api with password or
> > > similiar methods. Shared keys or something ?
> > > >>> It seems to be too open if it not possible
> > > >>>
> > > >>> Best Niko Arvilommi
> > > >>
> > > >
> > >
> > >
> >
>
Re: Rest & web authentication
Posted by Kristine Hahn <kh...@maprtech.com>.
Drill on MapR has the features you're describing:
http://doc.mapr.com/display/MapR/Configuring+Web+Console+and+REST+API+Security
.
The differences between the open source and MapR versions are listed on
http://doc.mapr.com/display/components/Drill+1.2.0+Release+Notes.
The web security feature was designed to be included in the open source
version and is now be reviewed for inclusion:
https://issues.apache.org/jira/browse/DRILL-3201
Kristine Hahn
Sr. Technical Writer
415-497-8107 @krishahn skype:krishahn
On Mon, Dec 7, 2015 at 11:16 AM, John Omernik <jo...@omernik.com> wrote:
> This is really odd to me. I have 1.3 (Compiled by MapR) running on my
> cluster right now. I added libjpam.so to my java.library.path, and I have
> ldap configured on the nodes in pam. When I hit the Web UI (via HTTPS,
> HTTP is disabled) I get prompt for user name and the authentication goes
> against the pam on the system, allowing me in. Only the user running the
> drill bits has "admin" functions in Drill, other users only see a subset of
> tabs (Query, Profiles, Metrics) (the Drillbit user has Query, profiles,
> storage, metrics, and threads).
>
> This is also true with the RestAPI. I have to authenticate to use it at
> this point. I just do forms authentication using the python requests
> module. (I feel like it should accept basic auth over SSL for API good
> ness, but my hack works)
>
> Thus, I feel like it's been secured fairly well (SSL, Authentication, Users
> etc). So I do not understand why DRILL-3201 says 1.5, and while it's
> stated that Web Authentication is not available yet...
>
>
>
>
>
> On Mon, Dec 7, 2015 at 11:13 AM, Andries Engelbrecht <
> aengelbrecht@maprtech.com> wrote:
>
> > This topic came up a while ago and there was a bit of confusion.
> >
> > See the discussion thread here for more info.
> >
> >
> http://search-hadoop.com/m/qRVAXir9Do1qHni72&subj=How+to+setup+user+authentication+for+the+WebUI+
> > <
> >
> http://search-hadoop.com/m/qRVAXir9Do1qHni72&subj=How+to+setup+user+authentication+for+the+WebUI+
> > >
> >
> > Sudheesh listed the JIRA to track it.
> >
> > --Andries
> >
> >
> >
> > > On Dec 7, 2015, at 8:32 AM, Sudheesh Katkam <sk...@maprtech.com>
> > wrote:
> > >
> > > Hi Niko,
> > >
> > > Web authentication is not available yet; DRILL-3201 <
> > https://issues.apache.org/jira/browse/DRILL-3201> is being reviewed. The
> > doc pages are ahead.
> > >
> > > Thank you,
> > > Sudheesh
> > >
> > >> On Dec 7, 2015, at 7:06 AM, Keys Botzum <kb...@maprtech.com> wrote:
> > >>
> > >> I think this answers your question (the answer is yes according to the
> > docs):
> > >>
> > >>
> >
> https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/
> > <
> >
> https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/
> > >
> > >>
> > >> Keys
> > >> _______________________________
> > >> Keys Botzum
> > >> Senior Principal Technologist
> > >> kbotzum@maprtech.com <ma...@maprtech.com>
> > >> 443-718-0098
> > >> MapR Technologies
> > >> http://www.mapr.com <http://www.mapr.com/>
> > >>> On Dec 7, 2015, at 10:04 AM, Niko Arvilommi <ni...@olentolife.com>
> > wrote:
> > >>>
> > >>> Hi
> > >>>
> > >>> Is it possible to secure the WEB UI and REST api with password or
> > similiar methods. Shared keys or something ?
> > >>> It seems to be too open if it not possible
> > >>>
> > >>> Best Niko Arvilommi
> > >>
> > >
> >
> >
>
Re: Rest & web authentication
Posted by John Omernik <jo...@omernik.com>.
This is really odd to me. I have 1.3 (Compiled by MapR) running on my
cluster right now. I added libjpam.so to my java.library.path, and I have
ldap configured on the nodes in pam. When I hit the Web UI (via HTTPS,
HTTP is disabled) I get prompt for user name and the authentication goes
against the pam on the system, allowing me in. Only the user running the
drill bits has "admin" functions in Drill, other users only see a subset of
tabs (Query, Profiles, Metrics) (the Drillbit user has Query, profiles,
storage, metrics, and threads).
This is also true with the RestAPI. I have to authenticate to use it at
this point. I just do forms authentication using the python requests
module. (I feel like it should accept basic auth over SSL for API good
ness, but my hack works)
Thus, I feel like it's been secured fairly well (SSL, Authentication, Users
etc). So I do not understand why DRILL-3201 says 1.5, and while it's
stated that Web Authentication is not available yet...
On Mon, Dec 7, 2015 at 11:13 AM, Andries Engelbrecht <
aengelbrecht@maprtech.com> wrote:
> This topic came up a while ago and there was a bit of confusion.
>
> See the discussion thread here for more info.
>
> http://search-hadoop.com/m/qRVAXir9Do1qHni72&subj=How+to+setup+user+authentication+for+the+WebUI+
> <
> http://search-hadoop.com/m/qRVAXir9Do1qHni72&subj=How+to+setup+user+authentication+for+the+WebUI+
> >
>
> Sudheesh listed the JIRA to track it.
>
> --Andries
>
>
>
> > On Dec 7, 2015, at 8:32 AM, Sudheesh Katkam <sk...@maprtech.com>
> wrote:
> >
> > Hi Niko,
> >
> > Web authentication is not available yet; DRILL-3201 <
> https://issues.apache.org/jira/browse/DRILL-3201> is being reviewed. The
> doc pages are ahead.
> >
> > Thank you,
> > Sudheesh
> >
> >> On Dec 7, 2015, at 7:06 AM, Keys Botzum <kb...@maprtech.com> wrote:
> >>
> >> I think this answers your question (the answer is yes according to the
> docs):
> >>
> >>
> https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/
> <
> https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/
> >
> >>
> >> Keys
> >> _______________________________
> >> Keys Botzum
> >> Senior Principal Technologist
> >> kbotzum@maprtech.com <ma...@maprtech.com>
> >> 443-718-0098
> >> MapR Technologies
> >> http://www.mapr.com <http://www.mapr.com/>
> >>> On Dec 7, 2015, at 10:04 AM, Niko Arvilommi <ni...@olentolife.com>
> wrote:
> >>>
> >>> Hi
> >>>
> >>> Is it possible to secure the WEB UI and REST api with password or
> similiar methods. Shared keys or something ?
> >>> It seems to be too open if it not possible
> >>>
> >>> Best Niko Arvilommi
> >>
> >
>
>
Re: Rest & web authentication
Posted by Andries Engelbrecht <ae...@maprtech.com>.
This topic came up a while ago and there was a bit of confusion.
See the discussion thread here for more info.
http://search-hadoop.com/m/qRVAXir9Do1qHni72&subj=How+to+setup+user+authentication+for+the+WebUI+ <http://search-hadoop.com/m/qRVAXir9Do1qHni72&subj=How+to+setup+user+authentication+for+the+WebUI+>
Sudheesh listed the JIRA to track it.
--Andries
> On Dec 7, 2015, at 8:32 AM, Sudheesh Katkam <sk...@maprtech.com> wrote:
>
> Hi Niko,
>
> Web authentication is not available yet; DRILL-3201 <https://issues.apache.org/jira/browse/DRILL-3201> is being reviewed. The doc pages are ahead.
>
> Thank you,
> Sudheesh
>
>> On Dec 7, 2015, at 7:06 AM, Keys Botzum <kb...@maprtech.com> wrote:
>>
>> I think this answers your question (the answer is yes according to the docs):
>>
>> https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/ <https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/>
>>
>> Keys
>> _______________________________
>> Keys Botzum
>> Senior Principal Technologist
>> kbotzum@maprtech.com <ma...@maprtech.com>
>> 443-718-0098
>> MapR Technologies
>> http://www.mapr.com <http://www.mapr.com/>
>>> On Dec 7, 2015, at 10:04 AM, Niko Arvilommi <ni...@olentolife.com> wrote:
>>>
>>> Hi
>>>
>>> Is it possible to secure the WEB UI and REST api with password or similiar methods. Shared keys or something ?
>>> It seems to be too open if it not possible
>>>
>>> Best Niko Arvilommi
>>
>
Re: Rest & web authentication
Posted by Sudheesh Katkam <sk...@maprtech.com>.
Hi Niko,
Web authentication is not available yet; DRILL-3201 <https://issues.apache.org/jira/browse/DRILL-3201> is being reviewed. The doc pages are ahead.
Thank you,
Sudheesh
> On Dec 7, 2015, at 7:06 AM, Keys Botzum <kb...@maprtech.com> wrote:
>
> I think this answers your question (the answer is yes according to the docs):
>
> https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/ <https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/>
>
> Keys
> _______________________________
> Keys Botzum
> Senior Principal Technologist
> kbotzum@maprtech.com <ma...@maprtech.com>
> 443-718-0098
> MapR Technologies
> http://www.mapr.com <http://www.mapr.com/>
>> On Dec 7, 2015, at 10:04 AM, Niko Arvilommi <ni...@olentolife.com> wrote:
>>
>> Hi
>>
>> Is it possible to secure the WEB UI and REST api with password or similiar methods. Shared keys or something ?
>> It seems to be too open if it not possible
>>
>> Best Niko Arvilommi
>
Re: Rest & web authentication
Posted by Keys Botzum <kb...@maprtech.com>.
I think this answers your question (the answer is yes according to the docs):
https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/ <https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/>
Keys
_______________________________
Keys Botzum
Senior Principal Technologist
kbotzum@maprtech.com <ma...@maprtech.com>
443-718-0098
MapR Technologies
http://www.mapr.com <http://www.mapr.com/>
> On Dec 7, 2015, at 10:04 AM, Niko Arvilommi <ni...@olentolife.com> wrote:
>
> Hi
>
> Is it possible to secure the WEB UI and REST api with password or similiar methods. Shared keys or something ?
> It seems to be too open if it not possible
>
> Best Niko Arvilommi