Hi Spiro, For the error while connecting using sqlline:- Do you have TGT generated for your client user which you are using to connect to Drill ? If yes can you check if sqlline process user has access to that ticket file or not ? Can you please share your sqlline command? Also can you share your drill-override.conf config ?
Instruction on how to configure for Kerberos on server and client side are here[1]. Not sure if you got chance to look at it. As far as enabling Drill authentication to zookeeper is concerned I have not tried it but Drill internally uses curator framework to connect to Zookeeper. So it will depend upon how Curator supports authenticating using Kerberos. From quick search it looks like just providing a JAAS conf file to below system property should be good enough. -Djava.security.auth.login.config I would say first let's try to make DrillClient to Drillbit path working with Kerberos. [1]: https://drill.apache.org/docs/configuring-kerberos-security/ Thanks, Sorabh ________________________________ From: Spiro Ketal <spiroke...@yahoo.com.au.INVALID> Sent: Wednesday, April 18, 2018 7:41:55 PM To: user@drill.apache.org Subject: ldap, kerberos zookeeper and drill integration - Drill failing to authenticate Dear Apache List Members,I have a test system that comprises of several VMs. One provides (integrated) OpenLDAP/Kerberos5 services (LDAP backend) and I've integrated zookeeper with this (via JAAS). The authentication works but I had to use a per node config (with FQDNs) to achieve this. (ie. zk/node0001.my.domain; zk/node0002.my.domain, ..., instead of zk/nodes@MY.DOMAIN) My goal is to have drill authenticate and to be able to use the underlying java DoAs() functionality to interact with HDFS and zookeeper. I don't quite understand how the kerberos authentication works in the case of drill. Does the drill software provide a kerberos authenticated client connection to zookeeper? The drill cluster appears to start OK (without client-side authentication to zookeeper - which I'd like to remedy) but I seem to be receiving errors relating to GSSAPI when I attempt to connect to the drill via sqlline: Error: Failure in connecting to Drill: org.apache.drill.exec.rpc.RpcException: javax.security.sasl.SaslException: Failed to login. [Caused by javax.security.auth.login.LoginException: Unable to obtain password from user] (state=,code=0) I've tried various combinations but can't seem to get drill to authenticate. Any assistance or pointers would be greatly appreciated.Thanks.Cheers, Spiro.
