Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 2DBEF200C5E for ; Fri, 7 Apr 2017 20:06:47 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 2AFE1160B97; Fri, 7 Apr 2017 18:06:47 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 53D04160B84 for ; Fri, 7 Apr 2017 20:06:46 +0200 (CEST) Received: (qmail 81732 invoked by uid 500); 7 Apr 2017 18:06:45 -0000 Mailing-List: contact issues-help@drill.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@drill.apache.org Delivered-To: mailing list issues@drill.apache.org Received: (qmail 81722 invoked by uid 99); 7 Apr 2017 18:06:45 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 Apr 2017 18:06:45 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id DD79318F4C0 for ; Fri, 7 Apr 2017 18:06:44 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -100.002 X-Spam-Level: X-Spam-Status: No, score=-100.002 tagged_above=-999 required=6.31 tests=[RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id H-gAM9q6p3Qv for ; Fri, 7 Apr 2017 18:06:43 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 0FB395FBFC for ; Fri, 7 Apr 2017 18:06:43 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 6F01FE0D1E for ; Fri, 7 Apr 2017 18:06:42 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id BC59B24071 for ; Fri, 7 Apr 2017 18:06:41 +0000 (UTC) Date: Fri, 7 Apr 2017 18:06:41 +0000 (UTC) From: "Diego (JIRA)" To: issues@drill.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (DRILL-4280) Kerberos Authentication MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Fri, 07 Apr 2017 18:06:47 -0000 [ https://issues.apache.org/jira/browse/DRILL-4280?page=3Dcom.atlassian= .jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D1596= 1202#comment-15961202 ]=20 Diego commented on DRILL-4280: ------------------------------- Hi, I'm using drill 1.10.0 and I enabled kerberos on drill-override.conf as des= cribed in the documentation drill.exec { =20 security: { =20 user.auth.enabled:true, =20 auth.mechanisms:[=E2=80=9CKERBEROS=E2=80=9D], =20 auth.principal:=E2=80=9C/@.COM=E2=80=9D, = =20 auth.keytab:=E2=80=9C/etc/drill/conf/drill.keytab=E2=80=9D =20 } =20 }=20 however, when starting the drillbit process, the webserver is not starting = and is showing this warning: [main] WARN o.a.drill.exec.server.rest.WebServer - Not starting web server= . Currently Drill supports web authentication only through username/passwor= d. But PLAIN mechanism is not configured. 2017-04-07 13:41:18,513 [main] INFO o.a.d.exec.server.BootStrapContext - P= rocess user name: 'user' and logged in successfully as '/@<= REALM>.COM' 2017-04-07 13:41:18,526 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 2 classes for org.apache.drill.exec.rpc.security.AuthenticatorFactory = took 2ms 2017-04-07 13:41:18,527 [main] INFO o.a.d.e.r.s.AuthenticatorProviderImpl = - Configured authentication mechanisms: [kerberos] 2017-04-07 13:41:18,877 [main] INFO o.a.d.e.s.s.PersistentStoreRegistry - = Using the configured PStoreProvider class: 'org.apache.drill.exec.store.sys= .store.provider.ZookeeperPersistentStoreProvider'. 2017-04-07 13:41:19,123 [main] INFO o.a.d.e.r.user.UserConnectionConfig - = Configured all user connections to require authentication using: [kerberos] 2017-04-07 13:41:19,129 [main] INFO o.apache.drill.exec.server.Drillbit - = Construction completed (1177 ms). 2017-04-07 13:41:19,416 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 16 classes for org.apache.drill.common.logical.data.LogicalOperator to= ok 8ms 2017-04-07 13:41:19,424 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 10 classes for org.apache.drill.common.logical.StoragePluginConfig too= k 5ms 2017-04-07 13:41:19,427 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 7 classes for org.apache.drill.common.logical.FormatPluginConfig took = 2ms 2017-04-07 13:41:19,576 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 63 classes for org.apache.drill.exec.physical.base.PhysicalOperator to= ok 66ms 2017-04-07 13:41:19,682 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 37 classes for org.apache.drill.exec.physical.impl.BatchCreator took 2= 5ms 2017-04-07 13:41:19,687 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 5 classes for org.apache.drill.exec.physical.impl.RootCreator took 2ms 2017-04-07 13:41:20,266 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 1 classes for org.apache.drill.exec.expr.fn.PluggableFunctionRegistry = took 4ms ... 2017-04-07 13:41:21,041 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 114 classes for org.apache.hadoop.hive.ql.udf.generic.GenericUDF took = 65ms 2017-04-07 13:41:21,405 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 68 classes for org.apache.hadoop.hive.ql.exec.UDF took 180ms 2017-04-07 13:41:21,426 [main] INFO o.a.d.e.e.f.FunctionImplementationRegi= stry - Function registry loaded. 433 functions loaded in 1706 ms. 2017-04-07 13:41:21,434 [main] INFO o.a.d.e.e.f.FunctionImplementationRegi= stry - Created and validated local udf directory [/tmp/drill/drillbits/udf/= udf/local] 2017-04-07 13:41:21,437 [main] INFO o.a.drill.exec.compile.CodeCompiler - = Plain java code generation preferred: false 2017-04-07 13:41:21,612 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 9 classes for org.apache.drill.exec.store.StoragePlugin took 21ms 2017-04-07 13:41:21,760 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 6 classes for org.apache.drill.exec.store.dfs.FormatPlugin took 21ms 2017-04-07 13:41:21,775 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 7 classes for org.apache.drill.common.logical.FormatPluginConfig took = 0ms 2017-04-07 13:41:21,797 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 6 classes for org.apache.drill.exec.store.dfs.FormatPlugin took 0ms 2017-04-07 13:41:21,799 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 7 classes for org.apache.drill.common.logical.FormatPluginConfig took = 0ms 2017-04-07 13:41:21,799 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 7 classes for org.apache.drill.common.logical.FormatPluginConfig took = 0ms 2017-04-07 13:41:21,799 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 7 classes for org.apache.drill.common.logical.FormatPluginConfig took = 0ms 2017-04-07 13:41:21,820 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 6 classes for org.apache.drill.exec.store.dfs.FormatPlugin took 0ms 2017-04-07 13:41:21,823 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 7 classes for org.apache.drill.common.logical.FormatPluginConfig took = 0ms 2017-04-07 13:41:21,823 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 7 classes for org.apache.drill.common.logical.FormatPluginConfig took = 0ms 2017-04-07 13:41:21,823 [main] INFO o.a.d.c.s.persistence.ScanResult - loa= ding 7 classes for org.apache.drill.common.logical.FormatPluginConfig took = 0ms 2017-04-07 13:41:21,986 [main] INFO o.a.d.e.e.f.r.RemoteFunctionRegistry -= Preparing three remote udf areas: staging, registry and tmp. 2017-04-07 13:41:22,018 [main] INFO o.a.d.e.e.f.r.RemoteFunctionRegistry -= Created remote udf area [/drill/drillbits/udf/registry] on file system [fi= le:///] 2017-04-07 13:41:22,022 [main] INFO o.a.d.e.e.f.r.RemoteFunctionRegistry -= Created remote udf area [/drill/drillbits/udf/staging] on file system [fil= e:///] 2017-04-07 13:41:22,027 [main] INFO o.a.d.e.e.f.r.RemoteFunctionRegistry -= Created remote udf area [/drill/drillbits/udf/tmp] on file system [file://= /] 2017-04-07 13:41:22,046 [main] WARN o.a.drill.exec.server.rest.WebServer -= Not starting web server. Currently Drill supports web authentication only = through username/password. But PLAIN mechanism is not configured. 2017-04-07 13:41:22,047 [main] INFO o.apache.drill.exec.server.Drillbit - = Startup completed (2918 ms). If kerberos is configured (o.a.d.e.r.s.AuthenticatorProviderImpl - Configur= ed authentication mechanisms: [kerberos]), should the web server ask for PL= AIN? > Kerberos Authentication > ----------------------- > > Key: DRILL-4280 > URL: https://issues.apache.org/jira/browse/DRILL-4280 > Project: Apache Drill > Issue Type: Improvement > Reporter: Keys Botzum > Assignee: Sudheesh Katkam > Labels: security > Fix For: 1.10.0 > > > Drill should support Kerberos based authentication from clients. This mea= ns that both the ODBC and JDBC drivers as well as the web/REST interfaces s= hould support inbound Kerberos. For Web this would most likely be SPNEGO wh= ile for ODBC and JDBC this will be more generic Kerberos. > Since Hive and much of Hadoop supports Kerberos there is a potential for = a lot of reuse of ideas if not implementation. > Note that this is related to but not the same as https://issues.apache.or= g/jira/browse/DRILL-3584=20 -- This message was sent by Atlassian JIRA (v6.3.15#6346)