drill-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob Rudis <...@rud.is>
Subject Re: REST API queries with PAM
Date Sat, 25 Feb 2017 11:48:25 GMT
You have to hit the auth check endpoint first and save off the session cookies:

    curl -X POST \
         -H "Content-Type: application/x-www-form-urlencoded" \
         -k \
         -c cookies.txt \
         -s \
         -d "j_username=USERNAME" \
         -d "j_password=PASSWORD" \
         http://localhost:8047/j_security_check

Then you can use those cookies with regular requests:

    curl -k \
         -b cookies.txt \
         -v \
         -X POST \
         -H "Content-Type: application/json" \
         -d '{"queryType":"SQL", "query": "select * from sys.version"}' \
         http://localhost:8047/query.json

NOTE That you should also use SSL/TLS when enabling this since it's
trivial to sniff those values over the wire or on-system. I grok that
you're just on your local system and this is prbly for testing but
credentials without encryption are pretty much not credentials.

On Sat, Feb 25, 2017 at 5:32 AM, Benedikt Koehler <eigenarbeit@gmail.com> wrote:
> Hi,
>
> I have managed to enable PAM authorization for Drill on my Ubuntu
> machine. The login via the web interface is working great.
> Configuration in drill-override.conf is just the minimal example from
> the documentation:
>
> security.user.auth {
>         enabled: true,
>         packages += "org.apache.drill.exec.rpc.user.security",
>         impl: "pam",
>         pam_profiles: ["sudo", "login"]
> }
>
> But I couldn't get the REST queries to work. They work well when
> security is disable. E.g.
>
> curl -X POST -H "Content-Type: application/json" -d '{"queryType":
> "SQL", "query":"SHOW DATABASES"}' http://localhost:8047/query.json
>
> gives me a list of the databases.
>
> But if PAM security is enabled, the same request does not create any
> response. And it also doesn't show an error in the drill logs.
>
> Thanks!
>
> Best
> Benedikt
>
> --
> Dr. Benedikt Köhler
> Mail: benedikt@eigenarbeit.org

Mime
View raw message