You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@drill.apache.org by "Robert Hou (JIRA)" <ji...@apache.org> on 2018/10/10 23:11:00 UTC

[jira] [Updated] (DRILL-6787) Update Spnego webpage

     [ https://issues.apache.org/jira/browse/DRILL-6787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Hou updated DRILL-6787:
------------------------------
    Description: 
A few things should be updated on this webpage:
https://drill.apache.org/docs/configuring-drill-to-use-spnego-for-http-authentication/

When configuring drillbits in drill-override.conf, the principal and keytab should be corrected.  There are two places where this should be corrected.
{noformat}
drill.exec.http: {
              auth.spnego.principal:"HTTP/hostname@realm",
              auth.spnego.keytab:"path/to/keytab",
              auth.mechanisms: [“SPNEGO”]    
        }
{noformat}
For the section on Chrome, we should change "hostname/domain" to "domain".  Also, the two blanks around the "=" should be removed.
{noformat}
google-chrome --auth-server-whitelist="domain"
example: google-chrome --auth-server-whitelist="machine.example.com"
example: google-chrome --auth-server-whitelist="*.example.com"

The IP address can also be used
example: google-chrome --auth-server-whitelist="10.10.100.101"

The URL given to Chrome to access the Web UI should match the domain specified in auth-server-whitelist.  If the domain is used in auth-server-whitelist, then the domain should be used with Chrome.  If the IP address is used in auth-server-whitelist, then the IP address should be used with Chrome.
{noformat}

Also, Linux and Mac should be treated in separate paragraphs.  These should be the directions for Mac:
{noformat}
cd /Applications/Google Chrome.app/Contents/MacOS
./"Google Chrome" --auth-server-whitelist="*.example.com"
{noformat}

  was:
A few things should be updated on this webpage:
https://drill.apache.org/docs/configuring-drill-to-use-spnego-for-http-authentication/

When configuring drillbits in drill-override.conf, the principal and keytab should be corrected.  There are two places where this should be corrected.
{noformat}
drill.exec.http: {
              auth.spnego.principal:"HTTP/hostname@realm",
              auth.spnego.keytab:"path/to/keytab",
              auth.mechanisms: [“SPNEGO”]    
        }
{noformat}
For the section on Chrome, we should change "hostname/domain" to "domain".  Or "hostname@domain".  Also, the two blanks around the "=" should be removed.
{noformat}
google-chrome --auth-server-whitelist="hostname/domain"
{noformat}
Also, for the section on Chrome, the "domain" should match the URL given to Chrome to access the Web UI.

Also, Linux and Mac should be treated in separate paragraphs.  These should be the directions for Mac:
{noformat}
cd /Applications/Google Chrome.app/Contents/MacOS
./"Google Chrome" --auth-server-whitelist="example.com"
{noformat}


> Update Spnego webpage
> ---------------------
>
>                 Key: DRILL-6787
>                 URL: https://issues.apache.org/jira/browse/DRILL-6787
>             Project: Apache Drill
>          Issue Type: Bug
>    Affects Versions: 1.14.0
>            Reporter: Robert Hou
>            Assignee: Bridget Bevens
>            Priority: Major
>             Fix For: 1.15.0
>
>
> A few things should be updated on this webpage:
> https://drill.apache.org/docs/configuring-drill-to-use-spnego-for-http-authentication/
> When configuring drillbits in drill-override.conf, the principal and keytab should be corrected.  There are two places where this should be corrected.
> {noformat}
> drill.exec.http: {
>               auth.spnego.principal:"HTTP/hostname@realm",
>               auth.spnego.keytab:"path/to/keytab",
>               auth.mechanisms: [“SPNEGO”]    
>         }
> {noformat}
> For the section on Chrome, we should change "hostname/domain" to "domain".  Also, the two blanks around the "=" should be removed.
> {noformat}
> google-chrome --auth-server-whitelist="domain"
> example: google-chrome --auth-server-whitelist="machine.example.com"
> example: google-chrome --auth-server-whitelist="*.example.com"
> The IP address can also be used
> example: google-chrome --auth-server-whitelist="10.10.100.101"
> The URL given to Chrome to access the Web UI should match the domain specified in auth-server-whitelist.  If the domain is used in auth-server-whitelist, then the domain should be used with Chrome.  If the IP address is used in auth-server-whitelist, then the IP address should be used with Chrome.
> {noformat}
> Also, Linux and Mac should be treated in separate paragraphs.  These should be the directions for Mac:
> {noformat}
> cd /Applications/Google Chrome.app/Contents/MacOS
> ./"Google Chrome" --auth-server-whitelist="*.example.com"
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)