You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@drill.apache.org by "Terence Namusonge Sifuna (JIRA)" <ji...@apache.org> on 2019/06/18 13:26:00 UTC

[jira] [Updated] (DRILL-7296) Kerberos Authorisation

     [ https://issues.apache.org/jira/browse/DRILL-7296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Terence Namusonge Sifuna updated DRILL-7296:
--------------------------------------------
    Summary: Kerberos Authorisation  (was: No way to limit kerberos access to a particular group)

> Kerberos Authorisation
> ----------------------
>
>                 Key: DRILL-7296
>                 URL: https://issues.apache.org/jira/browse/DRILL-7296
>             Project: Apache Drill
>          Issue Type: Bug
>          Components:  Server
>    Affects Versions: 1.16.0
>         Environment: drill version 1.16
> drill host ubuntu 1804
> kerberos: FreeIPA (hbac rules)
>            Reporter: Terence Namusonge Sifuna
>            Priority: Major
>
> Currently there is no way to limit drill user access to a particular LDAP group when kerberos is used for authentication.Its not an issue with PAM as it supports sssd which knows how to do this.
> So the sum effect is that any valid kerberos user can access drill while typically access would be limited to particular groups. So to test I have a kerberos enviroment with freeIPA and set up with a user tuser2 who has no host access on the drill server (hbac rule). 
> Access is denied when I try and connect using sqlLine using user/password credentials ( correct) but access it granted if I connect with an acquired TGT ticket then access is granted ( wrong)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)