drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-4280) Kerberos Authentication
Date Wed, 14 Sep 2016 17:44:20 GMT

    [ https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15491028#comment-15491028
] 

ASF GitHub Bot commented on DRILL-4280:
---------------------------------------

Github user chunhui-shi commented on a diff in the pull request:

    https://github.com/apache/drill/pull/578#discussion_r78798093
  
    --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserServer.java
---
    @@ -246,28 +154,80 @@ protected void handle(UserClientConnectionImpl connection, int rpcType,
ByteBuf
       public class UserClientConnectionImpl extends RemoteConnection implements UserClientConnection
{
     
         private UserSession session;
    +    private SaslServer saslServer;
    +    private RequestHandler<UserClientConnectionImpl> currentHandler;
    +    private UserToBitHandshake inbound;
     
         public UserClientConnectionImpl(SocketChannel channel) {
           super(channel, "user client");
    +      currentHandler = authFactory == null ? handler : new UserServerAuthenticationHandler(handler);
         }
     
         void disableReadTimeout() {
           getChannel().pipeline().remove(BasicServer.TIMEOUT_HANDLER);
         }
     
    -    void setUser(final UserToBitHandshake inbound) throws IOException {
    +    void setHandshake(final UserToBitHandshake inbound) throws IOException {
    +      this.inbound = inbound;
    +    }
    +
    +    void initSaslServer(final String mechanismName, final Map<String, ?> properties)
    +        throws IllegalStateException, SaslException {
    +      if (saslServer != null) {
    +        throw new IllegalStateException("SASL server already initialized.");
    +      }
    +      this.saslServer = authFactory.getMechanism(mechanismName)
    --- End diff --
    
    It should be the responsibility of class AuthenticationMechanismFactory to decide what
mechanism to provide. Right? So AuthenticationMechanismFactory may also need 'properties'
to decide what mechanism to ask for. E.g. Some company may want connections from out of VPN
or in VPN to use different mechanisms.


> Kerberos Authentication
> -----------------------
>
>                 Key: DRILL-4280
>                 URL: https://issues.apache.org/jira/browse/DRILL-4280
>             Project: Apache Drill
>          Issue Type: Improvement
>            Reporter: Keys Botzum
>            Assignee: Sudheesh Katkam
>              Labels: security
>
> Drill should support Kerberos based authentication from clients. This means that both
the ODBC and JDBC drivers as well as the web/REST interfaces should support inbound Kerberos.
For Web this would most likely be SPNEGO while for ODBC and JDBC this will be more generic
Kerberos.
> Since Hive and much of Hadoop supports Kerberos there is a potential for a lot of reuse
of ideas if not implementation.
> Note that this is related to but not the same as https://issues.apache.org/jira/browse/DRILL-3584




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message