drill-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bridg...@apache.org
Subject [4/5] drill git commit: securing drill doc edits
Date Thu, 16 Mar 2017 02:21:01 GMT
securing drill doc edits


Project: http://git-wip-us.apache.org/repos/asf/drill/repo
Commit: http://git-wip-us.apache.org/repos/asf/drill/commit/701dd18e
Tree: http://git-wip-us.apache.org/repos/asf/drill/tree/701dd18e
Diff: http://git-wip-us.apache.org/repos/asf/drill/diff/701dd18e

Branch: refs/heads/gh-pages
Commit: 701dd18e55132e21107b98386f54552fe78b1bc2
Parents: 74e0fee
Author: Bridget Bevens <bbevens@maprtech.com>
Authored: Wed Mar 15 18:47:52 2017 -0700
Committer: Bridget Bevens <bbevens@maprtech.com>
Committed: Wed Mar 15 18:47:52 2017 -0700

----------------------------------------------------------------------
 _data/docs.json                                 | 288 ++++++++-----------
 .../075-configuring-user-authentication.md      | 193 -------------
 .../010-securing-drill-introduction.md          |   6 +-
 .../070-configuring-user-authentication.md      |   6 +-
 ...090-configuring-kerberos-auththentication.md |  81 +++---
 5 files changed, 163 insertions(+), 411 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/drill/blob/701dd18e/_data/docs.json
----------------------------------------------------------------------
diff --git a/_data/docs.json b/_data/docs.json
index 4148c55..950fd4f 100644
--- a/_data/docs.json
+++ b/_data/docs.json
@@ -121,8 +121,8 @@
                         }
                     ], 
                     "children": [], 
-                    "next_title": "Dynamic UDFs", 
-                    "next_url": "/docs/dynamic-udfs/", 
+                    "next_title": "Creating Custom Authenticators", 
+                    "next_url": "/docs/creating-custom-authenticators/", 
                     "parent": "Adding Custom Functions to Drill", 
                     "previous_title": "Adding Custom Functions to Drill Introduction", 
                     "previous_url": "/docs/adding-custom-functions-to-drill-introduction/",

@@ -142,11 +142,32 @@
                         }
                     ], 
                     "children": [], 
-                    "next_title": "Using Custom Functions in Queries", 
-                    "next_url": "/docs/using-custom-functions-in-queries/", 
+                    "next_title": "Dynamic UDFs", 
+                    "next_url": "/docs/dynamic-udfs/", 
                     "parent": "Adding Custom Functions to Drill", 
                     "previous_title": "Manually Adding Custom Functions to Drill", 
                     "previous_url": "/docs/manually-adding-custom-functions-to-drill/", 
+                    "relative_path": "_docs/develop-custom-functions/adding-custom-functions-to-drill/015-creating-custom-authenticators.md",

+                    "title": "Creating Custom Authenticators", 
+                    "url": "/docs/creating-custom-authenticators/"
+                }, 
+                {
+                    "breadcrumbs": [
+                        {
+                            "title": "Adding Custom Functions to Drill", 
+                            "url": "/docs/adding-custom-functions-to-drill/"
+                        }, 
+                        {
+                            "title": "Develop Custom Functions", 
+                            "url": "/docs/develop-custom-functions/"
+                        }
+                    ], 
+                    "children": [], 
+                    "next_title": "Using Custom Functions in Queries", 
+                    "next_url": "/docs/using-custom-functions-in-queries/", 
+                    "parent": "Adding Custom Functions to Drill", 
+                    "previous_title": "Creating Custom Authenticators", 
+                    "previous_url": "/docs/creating-custom-authenticators/", 
                     "relative_path": "_docs/develop-custom-functions/adding-custom-functions-to-drill/020-dynamic-udfs.md",

                     "title": "Dynamic UDFs", 
                     "url": "/docs/dynamic-udfs/"
@@ -1369,8 +1390,8 @@
                                 }
                             ], 
                             "children": [], 
-                            "next_title": "Configuring User Impersonation", 
-                            "next_url": "/docs/configuring-user-impersonation/", 
+                            "next_title": "Configuring User Authentication", 
+                            "next_url": "/docs/configuring-user-authentication/", 
                             "parent": "Configuring a Multitenant Cluster", 
                             "previous_title": "Configuring Multitenant Resources", 
                             "previous_url": "/docs/configuring-multitenant-resources/", 
@@ -1396,45 +1417,11 @@
                         }
                     ], 
                     "children": [], 
-                    "next_title": "Configuring Inbound Impersonation", 
-                    "next_url": "/docs/configuring-inbound-impersonation/", 
+                    "next_title": "Configuring Drill to Read Web Server Logs", 
+                    "next_url": "/docs/configuring-drill-to-read-web-server-logs/", 
                     "parent": "Configure Drill", 
                     "previous_title": "Configuring Resources for a Shared Drillbit", 
                     "previous_url": "/docs/configuring-resources-for-a-shared-drillbit/",

-                    "relative_path": "_docs/configure-drill/070-configuring-user-impersonation.md",

-                    "title": "Configuring User Impersonation", 
-                    "url": "/docs/configuring-user-impersonation/"
-                }, 
-                {
-                    "breadcrumbs": [
-                        {
-                            "title": "Configure Drill", 
-                            "url": "/docs/configure-drill/"
-                        }
-                    ], 
-                    "children": [], 
-                    "next_title": "Configuring User Authentication", 
-                    "next_url": "/docs/configuring-user-authentication/", 
-                    "parent": "Configure Drill", 
-                    "previous_title": "Configuring User Impersonation", 
-                    "previous_url": "/docs/configuring-user-impersonation/", 
-                    "relative_path": "_docs/configure-drill/071-configure-inbound-impersonation.md",

-                    "title": "Configuring Inbound Impersonation", 
-                    "url": "/docs/configuring-inbound-impersonation/"
-                }, 
-                {
-                    "breadcrumbs": [
-                        {
-                            "title": "Configure Drill", 
-                            "url": "/docs/configure-drill/"
-                        }
-                    ], 
-                    "children": [], 
-                    "next_title": "Configuring User Impersonation with Hive Authorization",

-                    "next_url": "/docs/configuring-user-impersonation-with-hive-authorization/",

-                    "parent": "Configure Drill", 
-                    "previous_title": "Configuring Inbound Impersonation", 
-                    "previous_url": "/docs/configuring-inbound-impersonation/", 
                     "relative_path": "_docs/configure-drill/075-configuring-user-authentication.md",

                     "title": "Configuring User Authentication", 
                     "url": "/docs/configuring-user-authentication/"
@@ -1447,45 +1434,11 @@
                         }
                     ], 
                     "children": [], 
-                    "next_title": "Configuring Web Console and REST API Security", 
-                    "next_url": "/docs/configuring-web-console-and-rest-api-security/", 
-                    "parent": "Configure Drill", 
-                    "previous_title": "Configuring User Authentication", 
-                    "previous_url": "/docs/configuring-user-authentication/", 
-                    "relative_path": "_docs/configure-drill/076-configuring-user-impersonation-with-hive-authorization.md",

-                    "title": "Configuring User Impersonation with Hive Authorization", 
-                    "url": "/docs/configuring-user-impersonation-with-hive-authorization/"
-                }, 
-                {
-                    "breadcrumbs": [
-                        {
-                            "title": "Configure Drill", 
-                            "url": "/docs/configure-drill/"
-                        }
-                    ], 
-                    "children": [], 
-                    "next_title": "Configuring Drill to Read Web Server Logs", 
-                    "next_url": "/docs/configuring-drill-to-read-web-server-logs/", 
-                    "parent": "Configure Drill", 
-                    "previous_title": "Configuring User Impersonation with Hive Authorization",

-                    "previous_url": "/docs/configuring-user-impersonation-with-hive-authorization/",

-                    "relative_path": "_docs/configure-drill/078-configuring-web-ui-and-rest-api-security.md",

-                    "title": "Configuring Web Console and REST API Security", 
-                    "url": "/docs/configuring-web-console-and-rest-api-security/"
-                }, 
-                {
-                    "breadcrumbs": [
-                        {
-                            "title": "Configure Drill", 
-                            "url": "/docs/configure-drill/"
-                        }
-                    ], 
-                    "children": [], 
                     "next_title": "Configuration Options", 
                     "next_url": "/docs/configuration-options/", 
                     "parent": "Configure Drill", 
-                    "previous_title": "Configuring Web Console and REST API Security", 
-                    "previous_url": "/docs/configuring-web-console-and-rest-api-security/",

+                    "previous_title": "Configuring User Authentication", 
+                    "previous_url": "/docs/configuring-user-authentication/", 
                     "relative_path": "_docs/configure-drill/079-configuring-drill-to-read-web-server-logs.md",

                     "title": "Configuring Drill to Read Web Server Logs", 
                     "url": "/docs/configuring-drill-to-read-web-server-logs/"
@@ -1681,8 +1634,8 @@
             "next_title": "Configuration Options", 
             "next_url": "/docs/configuration-options/", 
             "parent": "Configure Drill", 
-            "previous_title": "Configuring Web Console and REST API Security", 
-            "previous_url": "/docs/configuring-web-console-and-rest-api-security/", 
+            "previous_title": "Configuring User Authentication", 
+            "previous_url": "/docs/configuring-user-authentication/", 
             "relative_path": "_docs/configure-drill/079-configuring-drill-to-read-web-server-logs.md",

             "title": "Configuring Drill to Read Web Server Logs", 
             "url": "/docs/configuring-drill-to-read-web-server-logs/"
@@ -1990,8 +1943,8 @@
                 }
             ], 
             "children": [], 
-            "next_title": "Configuring User Impersonation", 
-            "next_url": "/docs/configuring-user-impersonation/", 
+            "next_title": "Configuring User Authentication", 
+            "next_url": "/docs/configuring-user-authentication/", 
             "parent": "Configuring a Multitenant Cluster", 
             "previous_title": "Configuring Multitenant Resources", 
             "previous_url": "/docs/configuring-multitenant-resources/", 
@@ -2166,8 +2119,8 @@
                         }
                     ], 
                     "children": [], 
-                    "next_title": "Configuring User Impersonation", 
-                    "next_url": "/docs/configuring-user-impersonation/", 
+                    "next_title": "Configuring User Authentication", 
+                    "next_url": "/docs/configuring-user-authentication/", 
                     "parent": "Configuring a Multitenant Cluster", 
                     "previous_title": "Configuring Multitenant Resources", 
                     "previous_url": "/docs/configuring-multitenant-resources/", 
@@ -2606,6 +2559,27 @@
             "title": "Core Modules", 
             "url": "/docs/core-modules/"
         }, 
+        "Creating Custom Authenticators": {
+            "breadcrumbs": [
+                {
+                    "title": "Adding Custom Functions to Drill", 
+                    "url": "/docs/adding-custom-functions-to-drill/"
+                }, 
+                {
+                    "title": "Develop Custom Functions", 
+                    "url": "/docs/develop-custom-functions/"
+                }
+            ], 
+            "children": [], 
+            "next_title": "Dynamic UDFs", 
+            "next_url": "/docs/dynamic-udfs/", 
+            "parent": "Adding Custom Functions to Drill", 
+            "previous_title": "Manually Adding Custom Functions to Drill", 
+            "previous_url": "/docs/manually-adding-custom-functions-to-drill/", 
+            "relative_path": "_docs/develop-custom-functions/adding-custom-functions-to-drill/015-creating-custom-authenticators.md",

+            "title": "Creating Custom Authenticators", 
+            "url": "/docs/creating-custom-authenticators/"
+        }, 
         "Custom Function Interfaces": {
             "breadcrumbs": [
                 {
@@ -3252,8 +3226,8 @@
                                 }
                             ], 
                             "children": [], 
-                            "next_title": "Dynamic UDFs", 
-                            "next_url": "/docs/dynamic-udfs/", 
+                            "next_title": "Creating Custom Authenticators", 
+                            "next_url": "/docs/creating-custom-authenticators/", 
                             "parent": "Adding Custom Functions to Drill", 
                             "previous_title": "Adding Custom Functions to Drill Introduction",

                             "previous_url": "/docs/adding-custom-functions-to-drill-introduction/",

@@ -3273,11 +3247,32 @@
                                 }
                             ], 
                             "children": [], 
-                            "next_title": "Using Custom Functions in Queries", 
-                            "next_url": "/docs/using-custom-functions-in-queries/", 
+                            "next_title": "Dynamic UDFs", 
+                            "next_url": "/docs/dynamic-udfs/", 
                             "parent": "Adding Custom Functions to Drill", 
                             "previous_title": "Manually Adding Custom Functions to Drill",

                             "previous_url": "/docs/manually-adding-custom-functions-to-drill/",

+                            "relative_path": "_docs/develop-custom-functions/adding-custom-functions-to-drill/015-creating-custom-authenticators.md",

+                            "title": "Creating Custom Authenticators", 
+                            "url": "/docs/creating-custom-authenticators/"
+                        }, 
+                        {
+                            "breadcrumbs": [
+                                {
+                                    "title": "Adding Custom Functions to Drill", 
+                                    "url": "/docs/adding-custom-functions-to-drill/"
+                                }, 
+                                {
+                                    "title": "Develop Custom Functions", 
+                                    "url": "/docs/develop-custom-functions/"
+                                }
+                            ], 
+                            "children": [], 
+                            "next_title": "Using Custom Functions in Queries", 
+                            "next_url": "/docs/using-custom-functions-in-queries/", 
+                            "parent": "Adding Custom Functions to Drill", 
+                            "previous_title": "Creating Custom Authenticators", 
+                            "previous_url": "/docs/creating-custom-authenticators/", 
                             "relative_path": "_docs/develop-custom-functions/adding-custom-functions-to-drill/020-dynamic-udfs.md",

                             "title": "Dynamic UDFs", 
                             "url": "/docs/dynamic-udfs/"
@@ -3828,8 +3823,8 @@
             "next_title": "Using Custom Functions in Queries", 
             "next_url": "/docs/using-custom-functions-in-queries/", 
             "parent": "Adding Custom Functions to Drill", 
-            "previous_title": "Manually Adding Custom Functions to Drill", 
-            "previous_url": "/docs/manually-adding-custom-functions-to-drill/", 
+            "previous_title": "Creating Custom Authenticators", 
+            "previous_url": "/docs/creating-custom-authenticators/", 
             "relative_path": "_docs/develop-custom-functions/adding-custom-functions-to-drill/020-dynamic-udfs.md",

             "title": "Dynamic UDFs", 
             "url": "/docs/dynamic-udfs/"
@@ -5532,8 +5527,8 @@
                 }
             ], 
             "children": [], 
-            "next_title": "Dynamic UDFs", 
-            "next_url": "/docs/dynamic-udfs/", 
+            "next_title": "Creating Custom Authenticators", 
+            "next_url": "/docs/creating-custom-authenticators/", 
             "parent": "Adding Custom Functions to Drill", 
             "previous_title": "Adding Custom Functions to Drill Introduction", 
             "previous_url": "/docs/adding-custom-functions-to-drill-introduction/", 
@@ -14465,8 +14460,8 @@
                                 }
                             ], 
                             "children": [], 
-                            "next_title": "Configuring User Impersonation", 
-                            "next_url": "/docs/configuring-user-impersonation/", 
+                            "next_title": "Configuring User Authentication", 
+                            "next_url": "/docs/configuring-user-authentication/", 
                             "parent": "Configuring a Multitenant Cluster", 
                             "previous_title": "Configuring Multitenant Resources", 
                             "previous_url": "/docs/configuring-multitenant-resources/", 
@@ -14492,45 +14487,11 @@
                         }
                     ], 
                     "children": [], 
-                    "next_title": "Configuring Inbound Impersonation", 
-                    "next_url": "/docs/configuring-inbound-impersonation/", 
+                    "next_title": "Configuring Drill to Read Web Server Logs", 
+                    "next_url": "/docs/configuring-drill-to-read-web-server-logs/", 
                     "parent": "Configure Drill", 
                     "previous_title": "Configuring Resources for a Shared Drillbit", 
                     "previous_url": "/docs/configuring-resources-for-a-shared-drillbit/",

-                    "relative_path": "_docs/configure-drill/070-configuring-user-impersonation.md",

-                    "title": "Configuring User Impersonation", 
-                    "url": "/docs/configuring-user-impersonation/"
-                }, 
-                {
-                    "breadcrumbs": [
-                        {
-                            "title": "Configure Drill", 
-                            "url": "/docs/configure-drill/"
-                        }
-                    ], 
-                    "children": [], 
-                    "next_title": "Configuring User Authentication", 
-                    "next_url": "/docs/configuring-user-authentication/", 
-                    "parent": "Configure Drill", 
-                    "previous_title": "Configuring User Impersonation", 
-                    "previous_url": "/docs/configuring-user-impersonation/", 
-                    "relative_path": "_docs/configure-drill/071-configure-inbound-impersonation.md",

-                    "title": "Configuring Inbound Impersonation", 
-                    "url": "/docs/configuring-inbound-impersonation/"
-                }, 
-                {
-                    "breadcrumbs": [
-                        {
-                            "title": "Configure Drill", 
-                            "url": "/docs/configure-drill/"
-                        }
-                    ], 
-                    "children": [], 
-                    "next_title": "Configuring User Impersonation with Hive Authorization",

-                    "next_url": "/docs/configuring-user-impersonation-with-hive-authorization/",

-                    "parent": "Configure Drill", 
-                    "previous_title": "Configuring Inbound Impersonation", 
-                    "previous_url": "/docs/configuring-inbound-impersonation/", 
                     "relative_path": "_docs/configure-drill/075-configuring-user-authentication.md",

                     "title": "Configuring User Authentication", 
                     "url": "/docs/configuring-user-authentication/"
@@ -14543,45 +14504,11 @@
                         }
                     ], 
                     "children": [], 
-                    "next_title": "Configuring Web Console and REST API Security", 
-                    "next_url": "/docs/configuring-web-console-and-rest-api-security/", 
-                    "parent": "Configure Drill", 
-                    "previous_title": "Configuring User Authentication", 
-                    "previous_url": "/docs/configuring-user-authentication/", 
-                    "relative_path": "_docs/configure-drill/076-configuring-user-impersonation-with-hive-authorization.md",

-                    "title": "Configuring User Impersonation with Hive Authorization", 
-                    "url": "/docs/configuring-user-impersonation-with-hive-authorization/"
-                }, 
-                {
-                    "breadcrumbs": [
-                        {
-                            "title": "Configure Drill", 
-                            "url": "/docs/configure-drill/"
-                        }
-                    ], 
-                    "children": [], 
-                    "next_title": "Configuring Drill to Read Web Server Logs", 
-                    "next_url": "/docs/configuring-drill-to-read-web-server-logs/", 
-                    "parent": "Configure Drill", 
-                    "previous_title": "Configuring User Impersonation with Hive Authorization",

-                    "previous_url": "/docs/configuring-user-impersonation-with-hive-authorization/",

-                    "relative_path": "_docs/configure-drill/078-configuring-web-ui-and-rest-api-security.md",

-                    "title": "Configuring Web Console and REST API Security", 
-                    "url": "/docs/configuring-web-console-and-rest-api-security/"
-                }, 
-                {
-                    "breadcrumbs": [
-                        {
-                            "title": "Configure Drill", 
-                            "url": "/docs/configure-drill/"
-                        }
-                    ], 
-                    "children": [], 
                     "next_title": "Configuration Options", 
                     "next_url": "/docs/configuration-options/", 
                     "parent": "Configure Drill", 
-                    "previous_title": "Configuring Web Console and REST API Security", 
-                    "previous_url": "/docs/configuring-web-console-and-rest-api-security/",

+                    "previous_title": "Configuring User Authentication", 
+                    "previous_url": "/docs/configuring-user-authentication/", 
                     "relative_path": "_docs/configure-drill/079-configuring-drill-to-read-web-server-logs.md",

                     "title": "Configuring Drill to Read Web Server Logs", 
                     "url": "/docs/configuring-drill-to-read-web-server-logs/"
@@ -18072,8 +17999,8 @@
                                 }
                             ], 
                             "children": [], 
-                            "next_title": "Dynamic UDFs", 
-                            "next_url": "/docs/dynamic-udfs/", 
+                            "next_title": "Creating Custom Authenticators", 
+                            "next_url": "/docs/creating-custom-authenticators/", 
                             "parent": "Adding Custom Functions to Drill", 
                             "previous_title": "Adding Custom Functions to Drill Introduction",

                             "previous_url": "/docs/adding-custom-functions-to-drill-introduction/",

@@ -18093,11 +18020,32 @@
                                 }
                             ], 
                             "children": [], 
-                            "next_title": "Using Custom Functions in Queries", 
-                            "next_url": "/docs/using-custom-functions-in-queries/", 
+                            "next_title": "Dynamic UDFs", 
+                            "next_url": "/docs/dynamic-udfs/", 
                             "parent": "Adding Custom Functions to Drill", 
                             "previous_title": "Manually Adding Custom Functions to Drill",

                             "previous_url": "/docs/manually-adding-custom-functions-to-drill/",

+                            "relative_path": "_docs/develop-custom-functions/adding-custom-functions-to-drill/015-creating-custom-authenticators.md",

+                            "title": "Creating Custom Authenticators", 
+                            "url": "/docs/creating-custom-authenticators/"
+                        }, 
+                        {
+                            "breadcrumbs": [
+                                {
+                                    "title": "Adding Custom Functions to Drill", 
+                                    "url": "/docs/adding-custom-functions-to-drill/"
+                                }, 
+                                {
+                                    "title": "Develop Custom Functions", 
+                                    "url": "/docs/develop-custom-functions/"
+                                }
+                            ], 
+                            "children": [], 
+                            "next_title": "Using Custom Functions in Queries", 
+                            "next_url": "/docs/using-custom-functions-in-queries/", 
+                            "parent": "Adding Custom Functions to Drill", 
+                            "previous_title": "Creating Custom Authenticators", 
+                            "previous_url": "/docs/creating-custom-authenticators/", 
                             "relative_path": "_docs/develop-custom-functions/adding-custom-functions-to-drill/020-dynamic-udfs.md",

                             "title": "Dynamic UDFs", 
                             "url": "/docs/dynamic-udfs/"

http://git-wip-us.apache.org/repos/asf/drill/blob/701dd18e/_docs/configure-drill/075-configuring-user-authentication.md
----------------------------------------------------------------------
diff --git a/_docs/configure-drill/075-configuring-user-authentication.md b/_docs/configure-drill/075-configuring-user-authentication.md
deleted file mode 100644
index fb2f9a0..0000000
--- a/_docs/configure-drill/075-configuring-user-authentication.md
+++ /dev/null
@@ -1,193 +0,0 @@
----
-title: "Configuring User Authentication"
-date: 2016-03-02 00:30:47 UTC
-parent: "Configure Drill"
----
-Authentication is the process of proving a user’s identity to access a process running
on a system. Drill currently supports username/password based authentication through the use
of the Linux Pluggable Authentication Module (PAM). The authentication option is available
through JDBC and ODBC interfaces. Linux PAM provides authentication modules that interface
with any installed PAM authentication entity, such as the local operating system password
file (passwd or login) or LDAP. 
- 
-If user impersonation is enabled, Drill executes the client requests as the authenticated
user. Otherwise, Drill executes client requests as the user that started the Drillbit process.
You can enable both authorization and impersonation to improve Drill security. See [Configuring
User Impersonation]({{site.baseurl}}/docs/configuring-user-impersonation/).
-
-When using PAM for authentication, each user that has permission to run Drill queries must
exist in the list of users that resides on each Drill node in the cluster. The username (including
uid) and password for each user must be identical across all of the Drill nodes. 
-
-If you use PAM with /etc/passwd for authentication, verify that the users with permission
to start the Drill process are part of the shadow user group on all nodes in the cluster.
This enables Drill to read the /etc/shadow file for authentication.  
-
-## Administrator Privileges
-
-When authentication is enabled, only Drill users who are assigned Drill cluster administrator
privileges can perform the following tasks:
-
-* Change a system-level option by issuing an ALTER SYSTEM command
-* Update a storage plugin configuration through the REST API or Web Console
-* View profiles of all queries that all users have run or are currently running in a cluster
-* Cancel running queries that were launched by any user in the cluster
-
-## User Authentication Process
-
-When user authentication is enabled, each user that accesses the Drillbit process through
a client, such as SQLLine, must provide their username and password for access. 
-
-A user can include the `–n` and `–p` parameters with their username and password when
launching SQLLine, as shown in the following example:  
-       `sqlline –u jdbc:drill:zk=10.10.11.112:5181 –n bob –p bobdrill`
-
-Alternatively, a user can launch SQLLine and then issue the `!connect` command to hide the
password, as shown in the following procedure:  
-
-1. Start SQLLine, by running the sqlline script. On Linux, for example:  
-
-              bobsmachine:~$ /etc/drill/bin/sqlline
-              apache drill 1.2.0
-              "a drill in the hand is better than two in the bush"  
-
-2. At the sqlline prompt, enter the `!connect` command followed by `jdbc:drill:zk=zk=<zk
name>[:<port>][,<zk name2>[:<port>]... ]`. For example:
-3. 
-              sqlline> !connect jdbc:drill:zk=localhost:2181
-              scan complete in 1385ms
-3. At the prompts, enter a user name and password.
-4. 
-              Enter username for jdbc:drill:zk=localhost:2181: bob
-              Enter password for jdbc:drill:zk=localhost:2181: *************
-       
-       The password is hidden as it is typed.
-
-  
-When a user connects to Drill from a BI tool, such as Tableau, the MapR Drill ODBC driver
prompts the user for their username and password:
-
-![ODBC Driver]({{site.baseurl}}/docs/img/UserAuth_ODBC_Driver.png)
-
-The client passes the username and password to a Drillbit as part of the connection request,
which then passes the credentials to PAM. If PAM can verify that the user is authorized to
access Drill, the connection is successful, and the user can issues queries against the file
system or other storage plugins, such as Hive or HBase. However, if PAM cannot verify that
the user is authorized to access Drill, the connection is terminated as AUTH_FAILED.
- 
-The following image illustrates the user authentication process in Drill:
-
-![]({{site.baseurl}}/docs/img/UserAuthProcess.PNG)
-
-### Installing and Configuring PAM
-
-Install and configure the provided Drill PAM. Drill only supports the PAM provided here.
Optionally, you can [build and implement a custom authenticator]({{ site.baseurl }}/docs/configuring-user-authentication/#implementing-and-configuring-a-custom-authenticator).

-
-{% include startnote.html %}Do not point to an existing directory where other Hadoop components
are installed. Other file system libraries can conflict with the Drill libraries and cause
system errors.{% include endnote.html %}
- 
-Complete the following steps to install and configure PAM for Drill:
-
-1. Download the `tar.gz` file for the Linux platform:  
-   [http://sourceforge.net/projects/jpam/files/jpam/jpam-1.1/](http://sourceforge.net/projects/jpam/files/jpam/jpam-1.1/)
-2. Untar the file, and copy the `libjpam.so` file into a directory that does not contain
other Hadoop components.  
-   Example:` /opt/pam/`
-3. Add the following line to `<DRILL_HOME>/conf/drill-env.sh`, including the directory
where the `libjpam.so` file is located:  
-  
-     `export DRILLBIT_JAVA_OPTS="-Djava.library.path=<directory>"`  
-
-      Example: `export DRILLBIT_JAVA_OPTS="-Djava.library.path=/opt/pam/"`  
-
-4. Add the following configuration to the `drill.exec` block in `<DRILL_HOME>/conf/drill-override.conf`:
 
-
-          drill.exec {
-           security.user.auth {
-                 enabled: true,
-                 packages += "org.apache.drill.exec.rpc.user.security",
-                 impl: "pam",
-                 pam_profiles: [ "sudo", "login" ]
-           } 
-          }
-
-5. (Optional) To add or remove different PAM profiles, add or delete the profile names in
the `“pam_profiles”` array shown above.  
-6. Restart the Drillbit process on each Drill node. 
- 
-        <DRILLINSTALL_HOME>/bin/drillbit.sh restart
-
-### Implementing and Configuring a Custom Authenticator
-
-Administrators can use the template provided here to develop and implement a custom username/password
based authenticator.
-
-Complete the following steps to build and implement a custom authenticator:
-
-1. Build the following Java file into a JAR file: 
- 
-           MyCustomDrillUserAuthenticatorImpl.java 
-           
-           package myorg.dept.drill.security;
-           
-           import org.apache.drill.common.config.DrillConfig;
-           import org.apache.drill.exec.exception.DrillbitStartupException;
-           
-           import java.io.IOException;
-           
-           /*
-           * Implement {@link org.apache.drill.exec.rpc.user.security.UserAuthenticator}
for illustraing how to develop a custom authenticator and use it in Drill
-           */
-           @UserAuthenticatorTemplate(type = “myCustomAuthenticatorType”)
-           public class MyCustomDrillUserAuthenticatorImpl implements UserAuthenticator {
-           
-            public static final String TEST_USER_1 = "testUser1";
-            public static final String TEST_USER_2 = "testUser2";
-            public static final String TEST_USER_1_PASSWORD = "testUser1Password";
-            public static final String TEST_USER_2_PASSWORD = "testUser2Password";
-           
-           /**
-           * Setup for authenticating user credentials.
-           */
-            @Override
-            public void setup(DrillConfig drillConfig) throws DrillbitStartupException {
-              // If the authenticator has any setup such as making sure authenticator provider
servers are up and running or 
-              // needed libraries are available, it should be added here.
-            }
-           
-           /**
-           * Authenticate the given <i>user</i> and <i>password</i>
combination.
-           *
-           * @param userName
-           * @param password
-           * @throws UserAuthenticationException if authentication fails for given user and
password.
-           */
-            @Override
-            public void authenticate(String userName, String password) throws UserAuthenticationException
{
-           
-              if (!(TEST_USER_1.equals(user) && TEST_USER_1_PASSWORD.equals(password))
&&
-              !(TEST_USER_2.equals(user) && TEST_USER_2_PASSWORD.equals(password)))
{
-            throw new UserAuthenticationException(“custom failure message if the admin
wants to show it to user”);
-              }
-            }
-           
-           /**
-           * Close the authenticator. Used to release resources. Ex. LDAP authenticator opens
connections to LDAP server,
-           * such connections resources are released in a safe manner as part of close.
-           *
-           * @throws IOException
-           */
-            @Override
-            public void close() throws IOException {
-              // Any clean up such as releasing files/network resources should be done here
-            }
-           }  
-
-
-2. Create a file named `drill-module.conf` with the following configuration code and then
add this file to the root of the JAR file: 
-         
-              drill {
-                classpath.scanning {
-                  packages += "myorg.dept.drill.security"
-                }
-              }  
-This enables the custom classpath scanner to locate the new class. 
-3. Add the JAR file that you built to the following directory on each Drill node:  
-   ` <DRILLINSTALL_HOME>/jars`
-3. Add the following configuration to the `drill.exec` block in the `drill-override.conf`
file located in `<DRILLINSTALL_HOME>/conf/`:  
-
-              drill.exec {
-               security.user.auth {
-                	enabled: true,
-                	packages += "myorg.dept.drill.security",
-                	impl: "myCustomAuthenticatorType"
-               }
-              }  
-4. Restart the Drillbit process on each Drill node.
- 
-        <DRILLINSTALL_HOME>/bin/drillbit.sh restart
-       
-
-
-
-
-
-
-
-
-
-
-

http://git-wip-us.apache.org/repos/asf/drill/blob/701dd18e/_docs/configure-drill/securing-drill/010-securing-drill-introduction.md
----------------------------------------------------------------------
diff --git a/_docs/configure-drill/securing-drill/010-securing-drill-introduction.md b/_docs/configure-drill/securing-drill/010-securing-drill-introduction.md
index 9f6e504..2701088 100644
--- a/_docs/configure-drill/securing-drill/010-securing-drill-introduction.md
+++ b/_docs/configure-drill/securing-drill/010-securing-drill-introduction.md
@@ -1,6 +1,6 @@
 ---
 title: "Securing Drill Introduction"
-date: 2017-03-16 01:22:49 UTC
+date: 2017-03-16 01:47:58 UTC
 parent: "Securing Drill"
 ---
 
@@ -8,9 +8,9 @@ Before connecting to a data source, you can configure Drill security features
an
 
 - **Authentication** - Drill supports user authentication to secure clusters with:
 	- Kerberos. 
-		See [Kerberos Authentication]({{site.baseurl}}/docs/configuring-kerberos-authentication/).
+		See [Configuring Kerberos Authentication]({{site.baseurl}}/docs/configuring-kerberos-authentication/).
 	- Username and password (with the Plain mechanism or a Custom Authenticator). See: 
-		- [Plain Authentication]({{site.baseurl}}/docs/configuring-plain-authentication/)  
+		- [Configuring Plain Authentication]({{site.baseurl}}/docs/configuring-plain-authentication/)
 
 		- [Creating Custom Authenticators]({{site.baseurl}}/docs/creating-custom-authenticators)
 	- Digest 
 - **Authorization** - Drill supports restricting an authenticated user's capabilities.

http://git-wip-us.apache.org/repos/asf/drill/blob/701dd18e/_docs/configure-drill/securing-drill/070-configuring-user-authentication.md
----------------------------------------------------------------------
diff --git a/_docs/configure-drill/securing-drill/070-configuring-user-authentication.md b/_docs/configure-drill/securing-drill/070-configuring-user-authentication.md
index e9cdfd0..8848534 100644
--- a/_docs/configure-drill/securing-drill/070-configuring-user-authentication.md
+++ b/_docs/configure-drill/securing-drill/070-configuring-user-authentication.md
@@ -1,12 +1,12 @@
 ---
 title: "Configuring User Authentication"
-date: 2017-03-16 01:22:50 UTC
+date: 2017-03-16 01:48:00 UTC
 parent: "Securing Drill"
 ---
 Authentication is the process of establishing confidence of authenticity. A Drill client
user is authenticated when a drillbit process running in a Drill cluster confirms the identity
it is presented with.  Drill 1.10 supports several authentication mechanisms through which
users can prove their identity before accessing cluster data: 
 
-* **Kerberos** - New in Drill 1.10. See [Kerberos Authentication]({{site.baseurl}}/docs/configuring-kerberos-authentication/).
-* **Plain** [also known as basic authentication (auth), which is username and password-based
authentication, through the Linux Pluggable Authentication Module (PAM)] - See [Plain Authentication]({{site.baseurl}}/docs/configuring-plain-authentication/).
+* **Kerberos** - New in Drill 1.10. See [Configuring Kerberos Authentication]({{site.baseurl}}/docs/configuring-kerberos-authentication/).
+* **Plain** [also known as basic authentication (auth), which is username and password-based
authentication, through the Linux Pluggable Authentication Module (PAM)] - See [Configuring
Plain Authentication]({{site.baseurl}}/docs/configuring-plain-authentication/).
 * **Custom authenticators** - See [Creating Custom Authenticators]({{site.baseurl}}/docs/creating-custom-authenticators).
 
 These authentication options are available through JDBC and ODBC interfaces.

http://git-wip-us.apache.org/repos/asf/drill/blob/701dd18e/_docs/configure-drill/securing-drill/090-configuring-kerberos-auththentication.md
----------------------------------------------------------------------
diff --git a/_docs/configure-drill/securing-drill/090-configuring-kerberos-auththentication.md
b/_docs/configure-drill/securing-drill/090-configuring-kerberos-auththentication.md
index 34b9929..5f2953c 100644
--- a/_docs/configure-drill/securing-drill/090-configuring-kerberos-auththentication.md
+++ b/_docs/configure-drill/securing-drill/090-configuring-kerberos-auththentication.md
@@ -1,6 +1,6 @@
 ---
 title: "Configuring Kerberos Authentication"
-date: 2017-03-16 01:22:54 UTC
+date: 2017-03-16 01:48:02 UTC
 parent: "Securing Drill"
 ---
 As of version 1.10, Drill supports Kerberos v5 network security authentication.  Kerberos
allows trusted hosts to prove their identity over a network to an information system.  A Kerberos
realm is unique authentication domain. A centralized key distribution center (KDC) coordinates
authentication between a clients and servers. Clients and servers obtain and use tickets from
the KDC using a special keytab file to communicate with the KDC and prove their identity to
gain access to a drillbit.  Administrators must create principal (user or server) identities
and passwords to ensure the secure exchange of mutual authentication information passed to
and from the drillbit. 
@@ -52,56 +52,53 @@ Drill must  run as a user capable of impersonation. The Kerberos provider
in the
 ---
 
 
-![Kerberos Client-Server Connection](http://i.imgur.com/04S0vss.png)
+![Kerberos Client-Server Connection](http://i.imgur.com/04S0vss.png)  
 
+1. Create a Kerberos principal identity and a keytab file.  You can create one principal
for each drillbit or one principal for all drillbits in a cluster. The drill.keytab file must
be owned by and readable by the administrator user. 
+       * For a single principal per node in cluster:
+       
 
-
-
-1. Create a Kerberos principal identity and a keytab file.  You can create one principal
for each drillbit or one principal for all drillbits in a cluster. The drill.keytab file must
be owned by and readable by the administrator user.
-  - For a single principal per node in cluster:
-
-			# kadmin  
+            # kadmin  
 			: addprinc -randkey <username>/<FQDN>@<REALM>.COM  
 			: ktadd -k /opt/mapr/conf/drill.keytab <username>/<FQDN>@<REALM>.COM
+       * For a single principal per cluster, use `<clustername>` instead of `<FQDN>`:
+       
 
-		(where FQDN is the hostname of the drillbit server. If you have multiple servers, you must
create a principal and keytab for each server.)
-	
-	- For a single principal per cluster, use `<clustername>` instead of `<FQDN>`:
-
-			# kadmin  
+            # kadmin  
 			: addprinc -randkey <username>/<clustername>@<REALM>.COM  
 			: ktadd -k /opt/mapr/conf/drill.keytab <username>/<FQDN>@<REALM>.COM
-2. Add the Kerberos principal identity and keytab file to the `drill-override.conf` file.
-
-	- The instance name must be lowercase. Also, if \_HOST is set as the instance name in the
principal, it is replaced with the fully qualified domain name of that host for the instance
name. For example, if a drillbit running on `host01.aws.lab` uses `drill/_HOST@<EXAMPLE>.COM`
as the principal, the canonicalized principal is `drill/host01.aws.lab@<EXAMPLE>.COM`.
 
-
-		    drill.exec {  
-   				security: {  
- 					user.auth.enabled:true,  
- 					auth.mechanisms:[“KERBEROS”],  
- 					auth.principal:“drill/<clustername>@<REALM>.COM”,  
- 					auth.keytab:“/etc/drill/conf/drill.keytab”  
-				}  
-			}   
-	- To configure multiple mechanisms, extend the mechanisms list and provide additional configuration
parameters. For example, the following configuration enables Kerberos and Plain (username
and password) mechanisms. See Installing and Configuring Plain Authentication for PAM configuration
instructions.  
-
-			drill.exec: {  
-				security: {  
-					user.auth.enabled:true,  
-					user.auth.impl:"pam",  
-					user.auth.pam_profile:["sudo", "login"],  
-					auth.mechanisms:["KERBEROS","PLAIN"],  
-					auth.principal:"drill/<clustername>@<REALM>.COM",  
-					auth.keytab:"/etc/drill/conf/drill.keytab"  
+       
+
+2. Add the Kerberos principal identity and keytab file to the `drill-override.conf` file.
 
+ * The instance name must be lowercase. Also, if \_HOST is set as the instance name in the
principal, it is replaced with the fully qualified domain name of that host for the instance
name. For example, if a drillbit running on `host01.aws.lab` uses `drill/_HOST@<EXAMPLE>.COM`
as the principal, the canonicalized principal is `drill/host01.aws.lab@<EXAMPLE>.COM`.

+ 
+   
+             drill.exec {  
+   			    security: {  
+ 			      user.auth.enabled:true,  
+ 			      auth.mechanisms:[“KERBEROS”],  
+ 			      auth.principal:“drill/<clustername>@<REALM>.COM”,  
+ 			      auth.keytab:“/etc/drill/conf/drill.keytab”  
 				}  
-			}   
-
-	
-
-
-3 . Restart the drillbit process on each Drill node.
+			}  
+  
+   * To configure multiple mechanisms, extend the mechanisms list and provide additional
configuration parameters. For example, the following configuration enables Kerberos and Plain
(username and password) mechanisms. See Installing and Configuring Plain Authentication for
PAM configuration instructions. 
+   * 
+             drill.exec: {  
+              	security: {  
+              	   user.auth.enabled:true,  
+              	   user.auth.impl:"pam",  
+              	   user.auth.pam_profile:["sudo", "login"],  
+              	   auth.mechanisms:["KERBEROS","PLAIN"],  
+              	   auth.principal:"drill/<clustername>@<REALM>.COM",  
+              	   auth.keytab:"/etc/drill/conf/drill.keytab"  
+              		}  
+              	}    
+   
+ 
+3. Restart the drillbit process on each Drill node.  
+`<DRILLINSTALL_HOME>/bin/drillbit.sh restart`
 
-	`<DRILLINSTALL_HOME>/bin/drillbit.sh restart`
 
 ## Using Connection URLs
 


Mime
View raw message