drill-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benedikt Koehler <eigenarb...@gmail.com>
Subject Re: REST API queries with PAM
Date Sat, 25 Feb 2017 15:38:43 GMT
Hi Bob,

thanks a lot! Works like a charm.

Best
Benedikt

--
Dr. Benedikt Köhler
Mail: benedikt@eigenarbeit.org


2017-02-25 12:48 GMT+01:00 Bob Rudis <bob@rud.is>:
> You have to hit the auth check endpoint first and save off the session cookies:
>
>     curl -X POST \
>          -H "Content-Type: application/x-www-form-urlencoded" \
>          -k \
>          -c cookies.txt \
>          -s \
>          -d "j_username=USERNAME" \
>          -d "j_password=PASSWORD" \
>          http://localhost:8047/j_security_check
>
> Then you can use those cookies with regular requests:
>
>     curl -k \
>          -b cookies.txt \
>          -v \
>          -X POST \
>          -H "Content-Type: application/json" \
>          -d '{"queryType":"SQL", "query": "select * from sys.version"}' \
>          http://localhost:8047/query.json
>
> NOTE That you should also use SSL/TLS when enabling this since it's
> trivial to sniff those values over the wire or on-system. I grok that
> you're just on your local system and this is prbly for testing but
> credentials without encryption are pretty much not credentials.
>
> On Sat, Feb 25, 2017 at 5:32 AM, Benedikt Koehler <eigenarbeit@gmail.com> wrote:
>> Hi,
>>
>> I have managed to enable PAM authorization for Drill on my Ubuntu
>> machine. The login via the web interface is working great.
>> Configuration in drill-override.conf is just the minimal example from
>> the documentation:
>>
>> security.user.auth {
>>         enabled: true,
>>         packages += "org.apache.drill.exec.rpc.user.security",
>>         impl: "pam",
>>         pam_profiles: ["sudo", "login"]
>> }
>>
>> But I couldn't get the REST queries to work. They work well when
>> security is disable. E.g.
>>
>> curl -X POST -H "Content-Type: application/json" -d '{"queryType":
>> "SQL", "query":"SHOW DATABASES"}' http://localhost:8047/query.json
>>
>> gives me a list of the databases.
>>
>> But if PAM security is enabled, the same request does not create any
>> response. And it also doesn't show an error in the drill logs.
>>
>> Thanks!
>>
>> Best
>> Benedikt
>>
>> --
>> Dr. Benedikt Köhler
>> Mail: benedikt@eigenarbeit.org

Mime
View raw message