GitHub user sudheeshkatkam opened a pull request:
https://github.com/apache/drill/pull/578
DRILL-4280: Kerberos Authentication
I am posting these changes from review. There are four commits in this pull
request. All changes squashed are in [this
branch](https://github.com/sudheeshkatkam/drill/tree/DRILL-4280-squashed).
There are 4 more commits that are in the squashed branch but not in this PR
(tests, client changes including C++, etc.)
The last commit (not here yet) will move forward the RPC version that will
starting using SASL for authentication.
Please refer to the design doc for details.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/sudheeshkatkam/drill DRILL-4280-PR
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/drill/pull/578.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #578
----
commit e4b0c6afdc358123fc6b6e911cf37ec347bda242
Author: Sudheesh Katkam <[email protected]>
Date: 2016-07-25T21:48:15Z
DRILL-4280: HYGIENE
+ Pass references of BootstrapContext to ServiceEngine and down
commit 27a1638e2f2eb3aaf582c3d3398960d6dcee979b
Author: Sudheesh Katkam <[email protected]>
Date: 2016-07-25T22:47:37Z
DRILL-4280: CORE
+ Define SaslStatus and SaslMessage messages in protocol
+ Add new "authenticationMechanisms" field to BitToUserHandshake
commit 409318de6b7b73467c8d1052c7e5eacb72cbeb07
Author: Sudheesh Katkam <[email protected]>
Date: 2016-07-26T21:42:49Z
DRILL-4280: CORE
+ Add new RequestHandler interface, and two implementations used in
UserServer to handle authentication first and then query requests
+ UserAuthenticationHandler handles SASL messages on server side
+ Move UserServer#handle logic to UserServerRequestHandler
+ Add authenticate method in UserClient
commit 692755b3991c33a501cc36238d9f9c04f66fe068
Author: Sudheesh Katkam <[email protected]>
Date: 2016-08-31T17:40:53Z
DRILL-4280: CORE
+ Add AuthenticationMechanism interface
+ Kerberos implementation
+ includes SaslServer and SaslClient wrappers
+ Plain implementation
+ PlainServer implements SaslServer (unavailable in Java)
for username/password based authentication
+ retrofit user authenticator
+ add logic for backward compatibility
+ Custom SASL mechanisms are discovered through the SaslMechanism
annotation
+ FastSaslServerFactory caches SaslServer factories
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
