Re: user impersonation bypass

2016-08-16 Thread scott
mpersonation. > > On Mon, Aug 15, 2016 at 1:31 PM, scott <tcots8...@gmail.com> wrote: > > > Hello, > > I think I have discovered a bug, but I wanted to run this by the > community > > first. I was testing user impersonation on a MapR cluster in cluster

Re: user impersonation bypass

2016-08-15 Thread Chun Chang
ts8...@gmail.com> wrote: > Hello, > I think I have discovered a bug, but I wanted to run this by the community > first. I was testing user impersonation on a MapR cluster in cluster mode. > I put in the ZK connect string and it works fine. The permissions limit > access as I would e

user impersonation bypass

2016-08-15 Thread scott
Hello, I think I have discovered a bug, but I wanted to run this by the community first. I was testing user impersonation on a MapR cluster in cluster mode. I put in the ZK connect string and it works fine. The permissions limit access as I would expect. Then, I tested a direct connection to one

Re: User Impersonation

2016-07-01 Thread Keys Botzum
The way I'd answer the question is that if you need authorization to be enforced by the underlying data store, then the data store must have the capability of inbound impersonation. Over time, many storage systems have added that function. There was a time in the not too distant past when many

Re: User Impersonation

2016-07-01 Thread Ted Dunning
On Fri, Jul 1, 2016 at 11:50 AM, Paul Rogers wrote: > All of this is a long-winded way of asking this: What do other “big data” > tools do to solve this problem? If one is doing big data, should a > distributed file system be a requirement if one wants security? > Other

Re: User Impersonation

2016-07-01 Thread Paul Rogers
gt; | drill.exec.impersonation.enabled| BOOLEAN | >> BOOT | >>>>>> BOOT| null | null| true | null | >>>>>> | drill.exec.impersonation.max_chained_user_hops | LONG | >> BOOT | >>>>>> BOOT| 2| null| null | null | >>>>>> >>>>>> >>>>> >>> >> +-+--+---+-+--+-+---++ >>>>>> >>>>>> My override conf is: >>>>>> drill.exec: { >>>>>> cluster-id: "mydrillbits", >>>>>> zk: { >>>>>>connect: "10.80.22.238:2181", >>>>>>root: "drill", >>>>>>refresh: 500, >>>>>>timeout: 5000, >>>>>>retry: { >>>>>> count: 7200, >>>>>> delay: 500 >>>>>>} >>>>>> }, >>>>>> http: { >>>>>>enabled: true, >>>>>>ssl_enabled: true, >>>>>>port: 8047 >>>>>> }, >>>>>> impersonation: { >>>>>>enabled: true, >>>>>>max_chained_user_hops: 2 >>>>>> }, >>>>>> security.user.auth { >>>>>>enabled: true, >>>>>>packages += "org.apache.drill.exec.rpc.user.security", >>>>>>impl: "pam", >>>>>>pam_profiles: [ "sudo", "login" ] >>>>>> } >>>>>> } >>>>>> >>>>>> >>>>>> Has anyone had similar problems, or am I misunderstanding how user >>>>>> impersonation works? >>>>>> >>>>>> Thanks for your time, >>>>>> Scott >>>>>> >>>>> >>>> >>>> >>> >>

Re: User Impersonation

2016-07-01 Thread scott
> >> > > > >> > > > >> > > > +-+--+---+-+--+-+---++ > > >> > > > >> > My override conf is: > > &

Re: User Impersonation

2016-07-01 Thread Ted Dunning
zk: { > >> > connect: "10.80.22.238:2181", > >> > root: "drill", > >> > refresh: 500, > >> > timeout: 5000, > >> > retry: { > >> > count: 7200, > >> > delay: 500 > >> > } > >> > }, > >> > http: { > >> > enabled: true, > >> > ssl_enabled: true, > >> > port: 8047 > >> > }, > >> > impersonation: { > >> > enabled: true, > >> > max_chained_user_hops: 2 > >> > }, > >> > security.user.auth { > >> > enabled: true, > >> > packages += "org.apache.drill.exec.rpc.user.security", > >> > impl: "pam", > >> > pam_profiles: [ "sudo", "login" ] > >> > } > >> > } > >> > > >> > > >> > Has anyone had similar problems, or am I misunderstanding how user > >> > impersonation works? > >> > > >> > Thanks for your time, > >> > Scott > >> > > >> > > > > >

Re: User Impersonation

2016-07-01 Thread scott
; refresh: 500, >> > timeout: 5000, >> > retry: { >> > count: 7200, >> > delay: 500 >> > } >> > }, >> > http: { >> > enabled: true, >> > ssl_enabled: true, >> > port: 8047 >> > }, >> > impersonation: { >> > enabled: true, >> > max_chained_user_hops: 2 >> > }, >> > security.user.auth { >> > enabled: true, >> > packages += "org.apache.drill.exec.rpc.user.security", >> > impl: "pam", >> > pam_profiles: [ "sudo", "login" ] >> > } >> > } >> > >> > >> > Has anyone had similar problems, or am I misunderstanding how user >> > impersonation works? >> > >> > Thanks for your time, >> > Scott >> > >> > >

Re: User Impersonation

2016-06-30 Thread scott
gt; > delay: 500 > > } > > }, > > http: { > > enabled: true, > > ssl_enabled: true, > > port: 8047 > > }, > > impersonation: { > > enabled: true, > > max_chained_user_hops: 2 > > }, > > security.user.auth { > > enabled: true, > > packages += "org.apache.drill.exec.rpc.user.security", > > impl: "pam", > > pam_profiles: [ "sudo", "login" ] > > } > > } > > > > > > Has anyone had similar problems, or am I misunderstanding how user > > impersonation works? > > > > Thanks for your time, > > Scott > > >

Re: User Impersonation

2016-06-30 Thread Chun Chang
y: 500 > } > }, > http: { > enabled: true, > ssl_enabled: true, > port: 8047 > }, > impersonation: { > enabled: true, > max_chained_user_hops: 2 > }, > security.user.auth { > enabled: true, > packages +

User Impersonation

2016-06-30 Thread scott
rsonation: { enabled: true, max_chained_user_hops: 2 }, security.user.auth { enabled: true, packages += "org.apache.drill.exec.rpc.user.security", impl: "pam", pam_profiles: [ "sudo", "login" ] } } Has anyone had similar problems, or am