drill-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bridg...@apache.org
Subject drill git commit: edits to authentication docs
Date Wed, 17 May 2017 01:39:56 GMT
Repository: drill
Updated Branches:
  refs/heads/gh-pages 208485234 -> d2e8282fb


edits to authentication docs


Project: http://git-wip-us.apache.org/repos/asf/drill/repo
Commit: http://git-wip-us.apache.org/repos/asf/drill/commit/d2e8282f
Tree: http://git-wip-us.apache.org/repos/asf/drill/tree/d2e8282f
Diff: http://git-wip-us.apache.org/repos/asf/drill/diff/d2e8282f

Branch: refs/heads/gh-pages
Commit: d2e8282fbee20e0dc7289ca3c2c5fabdd47b39f4
Parents: 2084852
Author: Bridget Bevens <bbevens@maprtech.com>
Authored: Tue May 16 18:38:48 2017 -0700
Committer: Bridget Bevens <bbevens@maprtech.com>
Committed: Tue May 16 18:38:48 2017 -0700

----------------------------------------------------------------------
 .../070-configuring-user-authentication.md           |  7 ++++---
 .../080-configuring-plain-authentication.md          | 11 +++--------
 .../090-configuring-kerberos-auththentication.md     | 15 ++++++---------
 3 files changed, 13 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/drill/blob/d2e8282f/_docs/configure-drill/securing-drill/070-configuring-user-authentication.md
----------------------------------------------------------------------
diff --git a/_docs/configure-drill/securing-drill/070-configuring-user-authentication.md b/_docs/configure-drill/securing-drill/070-configuring-user-authentication.md
index daa0016..27aa9c1 100644
--- a/_docs/configure-drill/securing-drill/070-configuring-user-authentication.md
+++ b/_docs/configure-drill/securing-drill/070-configuring-user-authentication.md
@@ -1,6 +1,6 @@
 ---
 title: "Configuring User Authentication"
-date: 2017-05-17 01:11:27 UTC
+date: 2017-05-17 01:38:49 UTC
 parent: "Securing Drill"
 ---
 Authentication is the process of establishing confidence of authenticity. A Drill client
user is authenticated when a drillbit process running in a Drill cluster confirms the identity
it is presented with.  Drill 1.10 supports several authentication mechanisms through which
users can prove their identity before accessing cluster data: 
@@ -12,8 +12,9 @@ Authentication is the process of establishing confidence of authenticity.
A Dril
 These authentication options are available through JDBC and ODBC interfaces.  
 
 
-{% include startnote.html %}Enabling both [user impersonation]({{site.baseurl}}/docs/configuring-user-impersonation/)
and authentication is recommended to restrict access to data and improve security. When user
impersonation is enabled, Drill executes the client requests as 
-the authenticated user. Otherwise, Drill executes client requests as the user that started
the drillbit process.{% include endnote.html %}
+{% include startnote.html %}Enabling both user impersonation and authentication is recommended
to restrict access to data and improve security. When user impersonation is enabled, Drill
executes the client requests as the authenticated user. Otherwise, Drill executes client requests
as the user that started the drillbit process.{% include endnote.html %}  
+
+For more information, see [Configuring User Impersonation]({{site.baseurl}}/docs/configuring-user-impersonation/).

 
 
 

http://git-wip-us.apache.org/repos/asf/drill/blob/d2e8282f/_docs/configure-drill/securing-drill/080-configuring-plain-authentication.md
----------------------------------------------------------------------
diff --git a/_docs/configure-drill/securing-drill/080-configuring-plain-authentication.md
b/_docs/configure-drill/securing-drill/080-configuring-plain-authentication.md
index 174f3e4..5a4209c 100644
--- a/_docs/configure-drill/securing-drill/080-configuring-plain-authentication.md
+++ b/_docs/configure-drill/securing-drill/080-configuring-plain-authentication.md
@@ -1,6 +1,6 @@
 ---
 title: "Configuring Plain Authentication"
-date: 2017-05-17 01:11:30 UTC
+date: 2017-05-17 01:38:50 UTC
 parent: "Securing Drill"
 ---
 Linux PAM provides a Plain (or username and password) authentication module that interface
with any installed PAM authentication entity, such as the local operating system password
file (`/etc/passwd`) or LDAP. 
@@ -61,15 +61,10 @@ To connect to a Drill from a BI tool, such as Tableau, the ODBC driver
prompts y
 
 ##Installing and Configuring Plain Authentication
 
-Install and configure the provided Drill PAM for Plain (or username and password) authentication.
Drill only supports the PAM provided here. Optionally, you can build and implement a custom
authenticator.
+Install and configure the provided Drill PAM for Plain (or username and password) authentication.
Drill only supports the PAM provided here. Optionally, you can build and implement a custom
authenticator.  
 
----
-
-**Note**
+{% include startnote.html %}Do not point to an existing directory where other Hadoop components
are installed. Other file system libraries can conflict with the Drill libraries and cause
system errors.{% include endnote.html %}
 
-Do not point to an existing directory where other Hadoop components are installed. Other
file system libraries can conflict with the Drill libraries and cause system errors. 
-
----
 
 Complete the following steps to install and configure PAM for Drill:
 

http://git-wip-us.apache.org/repos/asf/drill/blob/d2e8282f/_docs/configure-drill/securing-drill/090-configuring-kerberos-auththentication.md
----------------------------------------------------------------------
diff --git a/_docs/configure-drill/securing-drill/090-configuring-kerberos-auththentication.md
b/_docs/configure-drill/securing-drill/090-configuring-kerberos-auththentication.md
index bff66d2..172146a 100644
--- a/_docs/configure-drill/securing-drill/090-configuring-kerberos-auththentication.md
+++ b/_docs/configure-drill/securing-drill/090-configuring-kerberos-auththentication.md
@@ -1,13 +1,15 @@
 ---
 title: "Configuring Kerberos Authentication"
-date: 2017-05-17 01:11:31 UTC
+date: 2017-05-17 01:38:52 UTC
 parent: "Securing Drill"
 ---
 In release 1.10 Drill supports Kerberos v5 network security authentication.  To use Kerberos
with Drill and establish connectivity, use the JDBC driver packaged with Drill 1.10.
 
 Kerberos allows trusted hosts to prove their identity over a network to an information system.
 A Kerberos *realm* is unique authentication domain. A centralized *key distribution center
(KDC)* coordinates authentication between a clients and servers. Clients and servers obtain
and use tickets from the KDC using a special *keytab* file to communicate with the KDC and
prove their identity to gain access to a drillbit.  Administrators must create *principal*
(user or server) identities and passwords to ensure the secure exchange of mutual authentication
information passed to and from the drillbit.   
 
-{% include startnote.html %}Proper setup, configuration, administration, and usage of a Kerberos
environment is beyond the scope of this documentation.  See the [MIT Kerberos](http://web.mit.edu/kerberos/
"MIT Kerberos") documentation for information about Kerberos.{% include endnote.html %}  
+{% include startnote.html %}Proper setup, configuration, administration, and usage of a Kerberos
environment is beyond the scope of this documentation.{% include endnote.html %}  
+
+See the [MIT Kerberos](http://web.mit.edu/kerberos/ "MIT Kerberos") documentation for information
about Kerberos.  
 
 
 ## Prerequisites
@@ -172,15 +174,10 @@ The service principal format is `<primary>/<instance>@<realm
from TGT>`. The ser
 #### Examples of Connection URLs Used with Previously Generated TGTs
 If you do not provide a service principal in the connection string when using Kerberos authentication,
then use the `service_name` or `service_host` parameters. Since these parameters are optional,
their default values will be used internally (if not provided) to create a valid principal.
 
-Examples 2 through 4 show a valid connection string for Kerberos authentication if a client
has previously generated a TGT.  Realm information will be extracted from the TGT if it is
not provided. 
-
----
+Examples 2 through 4 show a valid connection string for Kerberos authentication if a client
has previously generated a TGT.  Realm information will be extracted from the TGT if it is
not provided.  
 
-**Note**
+{% include startnote.html %}For end-to-end authentication to function, it is assumed that
the proper principal for the drillbit service is configured in the KDC.{% include endnote.html
%}
 
-For end-to-end authentication to function, it is assumed that the proper principal for the
drillbit service is configured in the KDC.
-
----
 
 ##### Example 2: Drillbit Provided by Direct Connection String and Configured with a Unique
Service Principal
 


Mime
View raw message