[jira] [Commented] (DRILL-4280) Kerberos Authentication

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15850931#comment-15850931
 ] 

ASF GitHub Bot commented on DRILL-4280:
---------------------------------------

Github user sohami commented on a diff in the pull request:

    https://github.com/apache/drill/pull/578#discussion_r99257662
  
    --- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/control/BitConnectionConfigImpl.java
 ---
    @@ -0,0 +1,121 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + * http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.drill.exec.rpc.control;
    +
    +import org.apache.drill.common.KerberosUtil;
    +import org.apache.drill.common.config.DrillConfig;
    +import org.apache.drill.common.config.DrillProperties;
    +import org.apache.drill.exec.ExecConstants;
    +import org.apache.drill.exec.memory.BufferAllocator;
    +import org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint;
    +import org.apache.drill.exec.rpc.BitConnectionConfig;
    +import org.apache.drill.exec.rpc.security.AuthenticatorProvider;
    +import org.apache.drill.exec.server.BootStrapContext;
    +import org.apache.drill.exec.work.batch.ControlMessageHandler;
    +import org.apache.hadoop.security.HadoopKerberosName;
    +import org.apache.hadoop.security.UserGroupInformation;
    +
    +import java.io.IOException;
    +import java.util.Map;
    +
    +// package private
    +class BitConnectionConfigImpl implements BitConnectionConfig {
    +//    private static final org.slf4j.Logger logger = 
org.slf4j.LoggerFactory.getLogger(BitConnectionConfigImpl.class);
    +
    +  private final BufferAllocator allocator;
    +  private final BootStrapContext context;
    +  private final ControlMessageHandler handler;
    +
    +  private final AuthenticatorProvider authProvider;
    +  private final String authMechanismToUse;
    +  private final String clusterId;
    +
    +  private DrillbitEndpoint localEndpoint;
    +
    +  BitConnectionConfigImpl(BufferAllocator allocator, BootStrapContext 
context, ControlMessageHandler handler) {
    +    this.allocator = allocator;
    +    this.context = context;
    +    this.handler = handler;
    +
    +    final DrillConfig config = context.getConfig();
    +    this.authProvider = 
config.getBoolean(ExecConstants.BIT_AUTHENTICATION_ENABLED)
    +        ? context.getAuthProvider()
    +        : null;
    +    this.authMechanismToUse = 
config.getBoolean(ExecConstants.BIT_AUTHENTICATION_ENABLED)
    +            ? config.getString(ExecConstants.BIT_AUTHENTICATION_MECHANISM)
    +            : null;
    +    this.clusterId = 
config.getBoolean(ExecConstants.USE_CLUSTER_ID_AS_KERBEROS_INSTANCE_NAME)
    --- End diff --
    
    Seems like we are missing this check when authentication is enabled. Same 
for Data implementation
    
    ```
    if (authProvider.getAllFactoryNames().size() == 0) {
            throw new DrillbitStartupException("Authentication enabled, but no 
mechanisms found. Please check " +
                "authentication configuration.");
          }
    ```


> Kerberos Authentication
> -----------------------
>
>                 Key: DRILL-4280
>                 URL: https://issues.apache.org/jira/browse/DRILL-4280
>             Project: Apache Drill
>          Issue Type: Improvement
>            Reporter: Keys Botzum
>            Assignee: Sudheesh Katkam
>              Labels: security
>
> Drill should support Kerberos based authentication from clients. This means 
> that both the ODBC and JDBC drivers as well as the web/REST interfaces should 
> support inbound Kerberos. For Web this would most likely be SPNEGO while for 
> ODBC and JDBC this will be more generic Kerberos.
> Since Hive and much of Hadoop supports Kerberos there is a potential for a 
> lot of reuse of ideas if not implementation.
> Note that this is related to but not the same as 
> https://issues.apache.org/jira/browse/DRILL-3584 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)