drill-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Spiro Ketal <spiroke...@yahoo.com.au.INVALID>
Subject ldap, kerberos zookeeper and drill integration - Drill failing to authenticate
Date Wed, 18 Apr 2018 23:51:30 GMT
Dear Apache List Members,I have a test system that comprises of several VMs. One provides (integrated)
OpenLDAP/Kerberos5 services (LDAP backend) and I've integrated zookeeper with this (via JAAS).
The authentication works but I had to use a per node (with FQDNs) to achieve this. (ie. zk/node0001.my.domain;
zk/node0002.my.domain, ..., instead of zk/nodes@MY.DOMAIN)
My goal is to have drill authenticate and to be able to use the underlying java DoAs() functionality.
I don't quite understand how the kerberos authentication works. Does the drill software provide
a kerberos authenticated client connection to zookeeper? The drill cluster appears to start
OK (without client-side authentication to zookeeper - which I'd like to remedy) but I seem
to be receiving errors relating to GSSAPI when I attempt to connect to the drill via sqlline:
 Error: Failure in connecting to Drill: org.apache.drill.exec.rpc.RpcException: javax.security.sasl.SaslException:
Failed to login. [Caused by javax.security.auth.login.LoginException: Unable to obtain password
from user] (state=,code=0)
I've tried various combinations but can't seem to get drill to authenticate. 
Any assistance or pointers would be greatly appreciated.Thanks.Cheers, Spiro.
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message