mpersonation.
>
> On Mon, Aug 15, 2016 at 1:31 PM, scott <tcots8...@gmail.com> wrote:
>
> > Hello,
> > I think I have discovered a bug, but I wanted to run this by the
> community
> > first. I was testing user impersonation on a MapR cluster in cluster
ts8...@gmail.com> wrote:
> Hello,
> I think I have discovered a bug, but I wanted to run this by the community
> first. I was testing user impersonation on a MapR cluster in cluster mode.
> I put in the ZK connect string and it works fine. The permissions limit
> access as I would e
Hello,
I think I have discovered a bug, but I wanted to run this by the community
first. I was testing user impersonation on a MapR cluster in cluster mode.
I put in the ZK connect string and it works fine. The permissions limit
access as I would expect. Then, I tested a direct connection to one
The way I'd answer the question is that if you need authorization to be
enforced by the underlying data store, then the data store must have the
capability of inbound impersonation. Over time, many storage systems have added
that function. There was a time in the not too distant past when many
On Fri, Jul 1, 2016 at 11:50 AM, Paul Rogers wrote:
> All of this is a long-winded way of asking this: What do other “big data”
> tools do to solve this problem? If one is doing big data, should a
> distributed file system be a requirement if one wants security?
>
Other
gt; | drill.exec.impersonation.enabled| BOOLEAN |
>> BOOT |
>>>>>> BOOT| null | null| true | null |
>>>>>> | drill.exec.impersonation.max_chained_user_hops | LONG |
>> BOOT |
>>>>>> BOOT| 2| null| null | null |
>>>>>>
>>>>>>
>>>>>
>>>
>> +-+--+---+-+--+-+---++
>>>>>>
>>>>>> My override conf is:
>>>>>> drill.exec: {
>>>>>> cluster-id: "mydrillbits",
>>>>>> zk: {
>>>>>>connect: "10.80.22.238:2181",
>>>>>>root: "drill",
>>>>>>refresh: 500,
>>>>>>timeout: 5000,
>>>>>>retry: {
>>>>>> count: 7200,
>>>>>> delay: 500
>>>>>>}
>>>>>> },
>>>>>> http: {
>>>>>>enabled: true,
>>>>>>ssl_enabled: true,
>>>>>>port: 8047
>>>>>> },
>>>>>> impersonation: {
>>>>>>enabled: true,
>>>>>>max_chained_user_hops: 2
>>>>>> },
>>>>>> security.user.auth {
>>>>>>enabled: true,
>>>>>>packages += "org.apache.drill.exec.rpc.user.security",
>>>>>>impl: "pam",
>>>>>>pam_profiles: [ "sudo", "login" ]
>>>>>> }
>>>>>> }
>>>>>>
>>>>>>
>>>>>> Has anyone had similar problems, or am I misunderstanding how user
>>>>>> impersonation works?
>>>>>>
>>>>>> Thanks for your time,
>>>>>> Scott
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>
> >> >
> > >> >
> > >>
> >
> +-+--+---+-+--+-+---++
> > >> >
> > >> > My override conf is:
> > &
zk: {
> >> > connect: "10.80.22.238:2181",
> >> > root: "drill",
> >> > refresh: 500,
> >> > timeout: 5000,
> >> > retry: {
> >> > count: 7200,
> >> > delay: 500
> >> > }
> >> > },
> >> > http: {
> >> > enabled: true,
> >> > ssl_enabled: true,
> >> > port: 8047
> >> > },
> >> > impersonation: {
> >> > enabled: true,
> >> > max_chained_user_hops: 2
> >> > },
> >> > security.user.auth {
> >> > enabled: true,
> >> > packages += "org.apache.drill.exec.rpc.user.security",
> >> > impl: "pam",
> >> > pam_profiles: [ "sudo", "login" ]
> >> > }
> >> > }
> >> >
> >> >
> >> > Has anyone had similar problems, or am I misunderstanding how user
> >> > impersonation works?
> >> >
> >> > Thanks for your time,
> >> > Scott
> >> >
> >>
> >
> >
>
; refresh: 500,
>> > timeout: 5000,
>> > retry: {
>> > count: 7200,
>> > delay: 500
>> > }
>> > },
>> > http: {
>> > enabled: true,
>> > ssl_enabled: true,
>> > port: 8047
>> > },
>> > impersonation: {
>> > enabled: true,
>> > max_chained_user_hops: 2
>> > },
>> > security.user.auth {
>> > enabled: true,
>> > packages += "org.apache.drill.exec.rpc.user.security",
>> > impl: "pam",
>> > pam_profiles: [ "sudo", "login" ]
>> > }
>> > }
>> >
>> >
>> > Has anyone had similar problems, or am I misunderstanding how user
>> > impersonation works?
>> >
>> > Thanks for your time,
>> > Scott
>> >
>>
>
>
gt; > delay: 500
> > }
> > },
> > http: {
> > enabled: true,
> > ssl_enabled: true,
> > port: 8047
> > },
> > impersonation: {
> > enabled: true,
> > max_chained_user_hops: 2
> > },
> > security.user.auth {
> > enabled: true,
> > packages += "org.apache.drill.exec.rpc.user.security",
> > impl: "pam",
> > pam_profiles: [ "sudo", "login" ]
> > }
> > }
> >
> >
> > Has anyone had similar problems, or am I misunderstanding how user
> > impersonation works?
> >
> > Thanks for your time,
> > Scott
> >
>
y: 500
> }
> },
> http: {
> enabled: true,
> ssl_enabled: true,
> port: 8047
> },
> impersonation: {
> enabled: true,
> max_chained_user_hops: 2
> },
> security.user.auth {
> enabled: true,
> packages +
rsonation: {
enabled: true,
max_chained_user_hops: 2
},
security.user.auth {
enabled: true,
packages += "org.apache.drill.exec.rpc.user.security",
impl: "pam",
pam_profiles: [ "sudo", "login" ]
}
}
Has anyone had similar problems, or am
12 matches
Mail list logo