drill-user mailing list archives

From "Knapp, Michael" <Michael.Kn...@capitalone.com>
Subject Using SASL encryption from Clients to Drillbits
Date Thu, 29 Jun 2017 19:36:43 GMT
Hi,

I am having trouble using SASL encryption between my SQL Workbench client and Drill.  I am
not trying to set up encryption between Drillbit nodes, just between clients and Drillbits.

I have been using this commit<https://github.com/apache/drill/pull/773/files> as my
reference.

Here is what I have done:

· I built Drill from source and deployed it.  This was using the 1.11.0-SNAPSHOT
as of yesterday (June 28).

· I started Drill with DRILLBIT_JAVA_OPTS including “-Ddrill.exec.security.user.encryption.sasl.enabled=true”.

· Note that my Drill also has a custom LDAP authenticator written that is configured
in my drill-module.conf and works.  So “drill.exec.security.user.auth.enabled” is set
to true and “drill.exec.security.user.auth.impl” is set to “ldap”.  The “ldap”
mechanism is provided by a jar I wrote.

· I use my own LDAP username and password when connecting with the drillbit; this
has always worked in the past.

· I updated my SQL Workbench driver to use all of the jars from the distribution
I just built.

· In my SQL Workbench connection configuration, I have added two extended properties:
“sasl_enabled”, which is set to “true”, and “auth”, which I am not sure what to
set to.

I have attempted connecting with auth set to “plain”, “Kerberos”, “ldap”, “otp”,
“SKEY”, “PAM”, and “EXTERNAL”.  Every time it either was not a supported authentication
mechanism, or it was supported but the mechanism did not support the configured security layers.

Example failure messages:

When using “ldap” as the “auth” mechanism:
Failure in connecting to Drill: oadd.org.apache.drill.exec.rpc.NonTransientRpcException: javax.security.sasl.SaslException:
Authentication failed. [Details: Encryption: enabled , MaxWrappedSize: 65536 , WrapSizeLimit:
0, Error Unknown mechanism: ldap] [Caused by javax.security.sasl.SaslException: Unknown mechanism:
ldap]

When using “plain” as the “auth” mechanism:
Failure in connecting to Drill: oadd.org.apache.drill.exec.rpc.NonTransientRpcException: javax.security.sasl.SaslException:
Authentication failed. [Details: Encryption: enabled , MaxWrappedSize: 65536 , WrapSizeLimit:
0, Error Cannot initiate authentication using PLAIN mechanism. Insufficient credentials or
selected mechanism doesn't support configured security layers?] [Caused by javax.security.sasl.SaslException:
Cannot initiate authentication using PLAIN mechanism. Insufficient credentials or selected
mechanism doesn't support configured security layers?]

Please let me know what I am missing here.

Michael Knapp
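
The two failure messages above can be reproduced against the JDK's own SASL API. This is an added example, not part of the original message and not Drill's code. It asks the JVM's built-in SASL providers for a client with the QOP property set to "auth-conf" (authentication plus confidentiality) and reports what each mechanism name yields. The class name, user name, password, protocol and host are constructed placeholders, and Drill's shaded client may register different factories than a stock JVM.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

public class SaslQopProbe {
    // Constructed credentials; nothing is sent over a network.
    static final CallbackHandler CREDS = callbacks -> {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName("example-user");
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword("example-password".toCharArray());
            } else {
                throw new UnsupportedCallbackException(cb);
            }
        }
    };

    /** Reports what the JVM's SASL providers do with mech when encryption is requested. */
    static String probe(String mech) throws SaslException {
        Map<String, String> props = new HashMap<>();
        props.put(Sasl.QOP, "auth-conf"); // require a confidentiality (encryption) layer
        SaslClient client = Sasl.createSaslClient(new String[] {mech}, null,
                "drill", "drillbit.example.com", props, CREDS); // placeholder protocol/host
        if (client == null) {
            // No registered factory knows this name, e.g. an authenticator name like "ldap".
            return mech + ": no SASL client factory offers this mechanism";
        }
        try {
            if (client.hasInitialResponse()) {
                client.evaluateChallenge(new byte[0]); // PLAIN completes in one step
            }
            if (!client.isComplete()) {
                return mech + ": needs server challenges before the QOP is known";
            }
            String qop = (String) client.getNegotiatedProperty(Sasl.QOP);
            boolean encrypts = "auth-conf".equals(qop);
            return mech + ": negotiated QOP=" + qop + (encrypts ? "" : " (no encryption layer)");
        } finally {
            client.dispose();
        }
    }

    public static void main(String[] args) throws SaslException {
        for (String mech : new String[] {"ldap", "PLAIN"}) {
            System.out.println(probe(mech));
        }
    }
}
```

SASL PLAIN only carries credentials and defines no security layer, so a client that insists on "auth-conf" cannot be satisfied by it, whereas mechanisms such as GSSAPI (Kerberos) can negotiate one.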
