drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-4280) Kerberos Authentication
Date Wed, 02 Nov 2016 23:57:58 GMT

    [ https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15630961#comment-15630961
] 

ASF GitHub Bot commented on DRILL-4280:
---------------------------------------

Github user sudheeshkatkam commented on a diff in the pull request:

    https://github.com/apache/drill/pull/578#discussion_r86268011
  
    --- Diff: exec/java-exec/src/test/java/org/apache/drill/exec/rpc/security/SimpleServer.java
---
    @@ -0,0 +1,138 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + * <p/>
    + * http://www.apache.org/licenses/LICENSE-2.0
    + * <p/>
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.drill.exec.rpc.security;
    +
    +import com.google.common.primitives.Ints;
    +
    +import javax.security.auth.callback.CallbackHandler;
    +import javax.security.sasl.SaslException;
    +import javax.security.sasl.SaslServer;
    +import javax.security.sasl.SaslServerFactory;
    +import java.util.Map;
    +
    +public class SimpleServer implements SaslServer {
    +
    +  private boolean completed;
    +  private String authorizationId;
    +  private final int total;
    +  private int count = 0;
    +
    +  SimpleServer(final int total) {
    +    this.total = total;
    +  }
    +
    +  @Override
    +  public String getMechanismName() {
    +    return SimpleProvider.MECHANISM_NAME;
    +  }
    +
    +  @Override
    +  public byte[] evaluateResponse(byte[] response) throws SaslException {
    +    if (completed) {
    +      throw new IllegalStateException("SimpleSasl authentication already completed");
    +    }
    +    if (response == null || response.length < 1) {
    +      throw new SaslException("Received challenge is empty when secret expected");
    +    }
    +
    +    if (count == 0) { // first expect authorization ID
    +      //This SaslServer simply permits a client to authenticate according to whatever
username
    +      //was supplied in client's response[]
    +      authorizationId = new String(response);
    --- End diff --
    
    Fixed.


> Kerberos Authentication
> -----------------------
>
>                 Key: DRILL-4280
>                 URL: https://issues.apache.org/jira/browse/DRILL-4280
>             Project: Apache Drill
>          Issue Type: Improvement
>            Reporter: Keys Botzum
>            Assignee: Chunhui Shi
>              Labels: security
>
> Drill should support Kerberos based authentication from clients. This means that both
the ODBC and JDBC drivers as well as the web/REST interfaces should support inbound Kerberos.
For Web this would most likely be SPNEGO while for ODBC and JDBC this will be more generic
Kerberos.
> Since Hive and much of Hadoop supports Kerberos there is a potential for a lot of reuse
of ideas if not implementation.
> Note that this is related to but not the same as https://issues.apache.org/jira/browse/DRILL-3584




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message