From user-return-9153-apmail-drill-user-archive=drill.apache.org@drill.apache.org Thu Apr 19 02:46:06 2018 Return-Path: X-Original-To: apmail-drill-user-archive@www.apache.org Delivered-To: apmail-drill-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 07D9818CE5 for ; Thu, 19 Apr 2018 02:46:06 +0000 (UTC) Received: (qmail 69160 invoked by uid 500); 19 Apr 2018 02:46:05 -0000 Delivered-To: apmail-drill-user-archive@drill.apache.org Received: (qmail 69087 invoked by uid 500); 19 Apr 2018 02:46:05 -0000 Mailing-List: contact user-help@drill.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@drill.apache.org Delivered-To: mailing list user@drill.apache.org Received: (qmail 69071 invoked by uid 99); 19 Apr 2018 02:46:04 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 Apr 2018 02:46:04 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 29E4FC1AA8 for ; Thu, 19 Apr 2018 02:46:04 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.889 X-Spam-Level: * X-Spam-Status: No, score=1.889 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com.au Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id 2kHSGb3mGiE4 for ; Thu, 19 Apr 2018 02:46:03 +0000 (UTC) Received: from sonic305-49.consmr.mail.ne1.yahoo.com (sonic305-49.consmr.mail.ne1.yahoo.com [66.163.185.175]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id AB4205F340 for ; Thu, 19 Apr 2018 02:46:02 +0000 (UTC) X-YMail-OSG: oiQTI2UVM1lPyUj9eryjqgwnzkZA.82lZr_2mfpuVoSLXRkahGSqY2ZYTtXCa2O mMoI422pIXB7Tc8LgdCguLlD0nM2Oj86gP1uj4XqDp3UvKj2wVHK3xOxxZqjlhvFlNHBBOe1zdjE QFbe5iMfvJV74D4S01vUd45fM32qmnG4efNnKX5JIZSqg96mY1d7Ww491XQtHFg5zWGue4zuSqnd _abE5ai5qbrL5iD9EbaglGnOyU3zZ4j.g5_9oeekqD4maj1jNluNEcke3o.Mc7Qdv84EUK5KXtzM xUIZU1ry_c85X9S16SBaWf9T5gB.5wC__hKf5qliqpN.4ir8S_ArpFHZBp8LHAXdipiGEEpbgsNZ aN0olsrrZrTEm3VGo8cCnLNV6QLHPCbOzrEEMEM.is_sMoaaoEEld4HYjAXupW14jTLn_AseazRl JpNFFrQKddHLMmx9oWV5fwY4Pn8Ka1g96MpV28T5QUQl3yxcG2fyqbekNPA5FnyNOdB5uZ_TFXke ZGO1DFLkCH6BY_.s4tmUyMbfyjXD6l1s4XcvplVaoCRSzjdjo94s9z720y1fpu7oxyVveYQ-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic305.consmr.mail.ne1.yahoo.com with HTTP; Thu, 19 Apr 2018 02:45:56 +0000 Date: Thu, 19 Apr 2018 02:41:55 +0000 (UTC) From: Spiro Ketal Reply-To: Spiro Ketal To: "user@drill.apache.org" Message-ID: <579567769.2429447.1524105715176@mail.yahoo.com> Subject: ldap, kerberos zookeeper and drill integration - Drill failing to authenticate MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_2429446_1285292365.1524105715174" References: <579567769.2429447.1524105715176.ref@mail.yahoo.com> X-Mailer: WebService/1.1.11782 YMailNorrin Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 ------=_Part_2429446_1285292365.1524105715174 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Dear Apache List Members,I have a test system that comprises of several VMs= . One provides (integrated) OpenLDAP/Kerberos5 services (LDAP backend) and = I've integrated zookeeper with this (via JAAS). The authentication works bu= t I had to use a per node config (with FQDNs) to achieve this. (ie. zk/node= 0001.my.domain; zk/node0002.my.domain, ..., instead of zk/nodes@MY.DOMAIN) My goal is to have drill authenticate and to be able to use the underlying = java DoAs() functionality to interact with HDFS and zookeeper. I don't quit= e understand how the kerberos authentication works in the case of drill. Do= es the drill software provide a kerberos authenticated client connection to= zookeeper? The drill cluster appears to start OK (without client-side auth= entication to zookeeper - which I'd like to remedy) but I seem to be receiv= ing errors relating to GSSAPI when I attempt to connect to the drill via sq= lline: =C2=A0Error: Failure in connecting to Drill: org.apache.drill.exec.rpc.RpcE= xception: javax.security.sasl.SaslException: Failed to login. [Caused by ja= vax.security.auth.login.LoginException: Unable to obtain password from user= ] (state=3D,code=3D0) I've tried various combinations but can't seem to get drill to authenticate= .=C2=A0 Any assistance or pointers would be greatly appreciated.Thanks.Cheers, Spir= o. ------=_Part_2429446_1285292365.1524105715174--