[ https://issues.apache.org/jira/browse/DRILL-7296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Terence Namusonge Sifuna updated DRILL-7296:
--------------------------------------------
    Summary: Kerberos Authorisation  (was: No way to limit kerberos access to a particular group)

> Kerberos Authorisation
> ----------------------
>
>                 Key: DRILL-7296
>                 URL: https://issues.apache.org/jira/browse/DRILL-7296
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 1.16.0
>         Environment: drill version 1.16
> drill host ubuntu 1804
> kerberos: FreeIPA (hbac rules)
>            Reporter: Terence Namusonge Sifuna
>            Priority: Major
>
> Currently there is no way to limit drill user access to a particular LDAP
> group when kerberos is used for authentication. It's not an issue with PAM as
> it supports sssd which knows how to do this.
> So the sum effect is that any valid kerberos user can access drill while
> typically access would be limited to particular groups. So to test I have a
> kerberos environment with freeIPA and set up with a user tuser2 who has no
> host access on the drill server (hbac rule).
> Access is denied when I try and connect using sqlLine using user/password
> credentials (correct) but access is granted if I connect with an acquired
> TGT ticket (wrong)

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)