You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@drill.apache.org by "Diego (JIRA)" <ji...@apache.org> on 2017/04/07 18:06:41 UTC

[jira] [Commented] (DRILL-4280) Kerberos Authentication

    [ https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15961202#comment-15961202 ] 

Diego  commented on DRILL-4280:
-------------------------------

Hi,

I'm using drill 1.10.0 and I enabled kerberos on drill-override.conf as described in the documentation

     drill.exec {  
        security: {  
          user.auth.enabled:true,  
          auth.mechanisms:[“KERBEROS”],  
          auth.principal:“<username>/<FQDN>@<REALM>.COM”,  
          auth.keytab:“/etc/drill/conf/drill.keytab”  
        }  
    } 

however, when starting the drillbit process, the webserver is not starting and is showing this warning:

[main] WARN  o.a.drill.exec.server.rest.WebServer - Not starting web server. Currently Drill supports web authentication only through username/password. But PLAIN mechanism is not configured.


2017-04-07 13:41:18,513 [main] INFO  o.a.d.exec.server.BootStrapContext - Process user name: 'user' and logged in successfully as '<username>/<FQDN>@<REALM>.COM'
2017-04-07 13:41:18,526 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 2 classes for org.apache.drill.exec.rpc.security.AuthenticatorFactory took 2ms
2017-04-07 13:41:18,527 [main] INFO  o.a.d.e.r.s.AuthenticatorProviderImpl - Configured authentication mechanisms: [kerberos]
2017-04-07 13:41:18,877 [main] INFO  o.a.d.e.s.s.PersistentStoreRegistry - Using the configured PStoreProvider class: 'org.apache.drill.exec.store.sys.store.provider.ZookeeperPersistentStoreProvider'.
2017-04-07 13:41:19,123 [main] INFO  o.a.d.e.r.user.UserConnectionConfig - Configured all user connections to require authentication using: [kerberos]
2017-04-07 13:41:19,129 [main] INFO  o.apache.drill.exec.server.Drillbit - Construction completed (1177 ms).
2017-04-07 13:41:19,416 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 16 classes for org.apache.drill.common.logical.data.LogicalOperator took 8ms
2017-04-07 13:41:19,424 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 10 classes for org.apache.drill.common.logical.StoragePluginConfig took 5ms
2017-04-07 13:41:19,427 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 7 classes for org.apache.drill.common.logical.FormatPluginConfig took 2ms
2017-04-07 13:41:19,576 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 63 classes for org.apache.drill.exec.physical.base.PhysicalOperator took 66ms
2017-04-07 13:41:19,682 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 37 classes for org.apache.drill.exec.physical.impl.BatchCreator took 25ms
2017-04-07 13:41:19,687 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 5 classes for org.apache.drill.exec.physical.impl.RootCreator took 2ms
2017-04-07 13:41:20,266 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 1 classes for org.apache.drill.exec.expr.fn.PluggableFunctionRegistry took 4ms
...
2017-04-07 13:41:21,041 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 114 classes for org.apache.hadoop.hive.ql.udf.generic.GenericUDF took 65ms
2017-04-07 13:41:21,405 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 68 classes for org.apache.hadoop.hive.ql.exec.UDF took 180ms
2017-04-07 13:41:21,426 [main] INFO  o.a.d.e.e.f.FunctionImplementationRegistry - Function registry loaded.  433 functions loaded in 1706 ms.
2017-04-07 13:41:21,434 [main] INFO  o.a.d.e.e.f.FunctionImplementationRegistry - Created and validated local udf directory [/tmp/drill/drillbits/udf/udf/local]
2017-04-07 13:41:21,437 [main] INFO  o.a.drill.exec.compile.CodeCompiler - Plain java code generation preferred: false
2017-04-07 13:41:21,612 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 9 classes for org.apache.drill.exec.store.StoragePlugin took 21ms
2017-04-07 13:41:21,760 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 6 classes for org.apache.drill.exec.store.dfs.FormatPlugin took 21ms
2017-04-07 13:41:21,775 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 7 classes for org.apache.drill.common.logical.FormatPluginConfig took 0ms
2017-04-07 13:41:21,797 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 6 classes for org.apache.drill.exec.store.dfs.FormatPlugin took 0ms
2017-04-07 13:41:21,799 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 7 classes for org.apache.drill.common.logical.FormatPluginConfig took 0ms
2017-04-07 13:41:21,799 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 7 classes for org.apache.drill.common.logical.FormatPluginConfig took 0ms
2017-04-07 13:41:21,799 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 7 classes for org.apache.drill.common.logical.FormatPluginConfig took 0ms
2017-04-07 13:41:21,820 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 6 classes for org.apache.drill.exec.store.dfs.FormatPlugin took 0ms
2017-04-07 13:41:21,823 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 7 classes for org.apache.drill.common.logical.FormatPluginConfig took 0ms
2017-04-07 13:41:21,823 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 7 classes for org.apache.drill.common.logical.FormatPluginConfig took 0ms
2017-04-07 13:41:21,823 [main] INFO  o.a.d.c.s.persistence.ScanResult - loading 7 classes for org.apache.drill.common.logical.FormatPluginConfig took 0ms
2017-04-07 13:41:21,986 [main] INFO  o.a.d.e.e.f.r.RemoteFunctionRegistry - Preparing three remote udf areas: staging, registry and tmp.
2017-04-07 13:41:22,018 [main] INFO  o.a.d.e.e.f.r.RemoteFunctionRegistry - Created remote udf area [/drill/drillbits/udf/registry] on file system [file:///]
2017-04-07 13:41:22,022 [main] INFO  o.a.d.e.e.f.r.RemoteFunctionRegistry - Created remote udf area [/drill/drillbits/udf/staging] on file system [file:///]
2017-04-07 13:41:22,027 [main] INFO  o.a.d.e.e.f.r.RemoteFunctionRegistry - Created remote udf area [/drill/drillbits/udf/tmp] on file system [file:///]
2017-04-07 13:41:22,046 [main] WARN  o.a.drill.exec.server.rest.WebServer - Not starting web server. Currently Drill supports web authentication only through username/password. But PLAIN mechanism is not configured.
2017-04-07 13:41:22,047 [main] INFO  o.apache.drill.exec.server.Drillbit - Startup completed (2918 ms).

If kerberos is configured (o.a.d.e.r.s.AuthenticatorProviderImpl - Configured authentication mechanisms: [kerberos]), should the web server ask for PLAIN?


> Kerberos Authentication
> -----------------------
>
>                 Key: DRILL-4280
>                 URL: https://issues.apache.org/jira/browse/DRILL-4280
>             Project: Apache Drill
>          Issue Type: Improvement
>            Reporter: Keys Botzum
>            Assignee: Sudheesh Katkam
>              Labels: security
>             Fix For: 1.10.0
>
>
> Drill should support Kerberos based authentication from clients. This means that both the ODBC and JDBC drivers as well as the web/REST interfaces should support inbound Kerberos. For Web this would most likely be SPNEGO while for ODBC and JDBC this will be more generic Kerberos.
> Since Hive and much of Hadoop supports Kerberos there is a potential for a lot of reuse of ideas if not implementation.
> Note that this is related to but not the same as https://issues.apache.org/jira/browse/DRILL-3584 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)