[ https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15850931#comment-15850931 ]
ASF GitHub Bot commented on DRILL-4280: --------------------------------------- Github user sohami commented on a diff in the pull request: https://github.com/apache/drill/pull/578#discussion_r99257662 --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/rpc/control/BitConnectionConfigImpl.java --- @@ -0,0 +1,121 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.drill.exec.rpc.control; + +import org.apache.drill.common.KerberosUtil; +import org.apache.drill.common.config.DrillConfig; +import org.apache.drill.common.config.DrillProperties; +import org.apache.drill.exec.ExecConstants; +import org.apache.drill.exec.memory.BufferAllocator; +import org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint; +import org.apache.drill.exec.rpc.BitConnectionConfig; +import org.apache.drill.exec.rpc.security.AuthenticatorProvider; +import org.apache.drill.exec.server.BootStrapContext; +import org.apache.drill.exec.work.batch.ControlMessageHandler; +import org.apache.hadoop.security.HadoopKerberosName; +import org.apache.hadoop.security.UserGroupInformation; + +import java.io.IOException; +import java.util.Map; + +// package private +class BitConnectionConfigImpl implements BitConnectionConfig { +// private static final org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(BitConnectionConfigImpl.class); + + private final BufferAllocator allocator; + private final BootStrapContext context; + private final ControlMessageHandler handler; + + private final AuthenticatorProvider authProvider; + private final String authMechanismToUse; + private final String clusterId; + + private DrillbitEndpoint localEndpoint; + + BitConnectionConfigImpl(BufferAllocator allocator, BootStrapContext context, ControlMessageHandler handler) { + this.allocator = allocator; + this.context = context; + this.handler = handler; + + final DrillConfig config = context.getConfig(); + this.authProvider = config.getBoolean(ExecConstants.BIT_AUTHENTICATION_ENABLED) + ? context.getAuthProvider() + : null; + this.authMechanismToUse = config.getBoolean(ExecConstants.BIT_AUTHENTICATION_ENABLED) + ? config.getString(ExecConstants.BIT_AUTHENTICATION_MECHANISM) + : null; + this.clusterId = config.getBoolean(ExecConstants.USE_CLUSTER_ID_AS_KERBEROS_INSTANCE_NAME) --- End diff -- Seems like we are missing this check when authentication is enabled. Same for Data implementation ``` if (authProvider.getAllFactoryNames().size() == 0) { throw new DrillbitStartupException("Authentication enabled, but no mechanisms found. Please check " + "authentication configuration."); } ``` > Kerberos Authentication > ----------------------- > > Key: DRILL-4280 > URL: https://issues.apache.org/jira/browse/DRILL-4280 > Project: Apache Drill > Issue Type: Improvement > Reporter: Keys Botzum > Assignee: Sudheesh Katkam > Labels: security > > Drill should support Kerberos based authentication from clients. This means > that both the ODBC and JDBC drivers as well as the web/REST interfaces should > support inbound Kerberos. For Web this would most likely be SPNEGO while for > ODBC and JDBC this will be more generic Kerberos. > Since Hive and much of Hadoop supports Kerberos there is a potential for a > lot of reuse of ideas if not implementation. > Note that this is related to but not the same as > https://issues.apache.org/jira/browse/DRILL-3584 -- This message was sent by Atlassian JIRA (v6.3.15#6346)