Dear Apache List Members,I have a test system that comprises of several VMs. One provides (integrated)
OpenLDAP/Kerberos5 services (LDAP backend) and I've integrated zookeeper with this (via JAAS).
The authentication works but I had to use a per node (with FQDNs) to achieve this. (ie. zk/node0001.my.domain;
zk/node0002.my.domain, ..., instead of zk/nodes@MY.DOMAIN)
My goal is to have drill authenticate and to be able to use the underlying java DoAs() functionality.
I don't quite understand how the kerberos authentication works. Does the drill software provide
a kerberos authenticated client connection to zookeeper? The drill cluster appears to start
OK (without client-side authentication to zookeeper - which I'd like to remedy) but I seem
to be receiving errors relating to GSSAPI when I attempt to connect to the drill via sqlline:
Error: Failure in connecting to Drill: org.apache.drill.exec.rpc.RpcException: javax.security.sasl.SaslException:
Failed to login. [Caused by javax.security.auth.login.LoginException: Unable to obtain password
from user] (state=,code=0)
I've tried various combinations but can't seem to get drill to authenticate.
Any assistance or pointers would be greatly appreciated.Thanks.Cheers, Spiro.
|