Configuring Authentication
An administrator can enable MapR Security as the only authentication mechanism, or in addition to other
mechanisms, such as Kerberos and Plain authentication in
drill-override.conf
.
NOTE When Drill is installed on the MapR Data Platform, Drill distribution defaults are
stored in the
The
following sections provide configuration examples for several configuration scenarios:
drill-distrib.conf
file. To override the defaults, you must
explicitly disable them in the drill-override.conf
file. NOTE For client-side configuration, see Drill Drivers.
Example 1: Drill Client to Drillbit Authentication using MapR Security Only
drill.exec:{
security: {
user.auth.enabled: true,
auth.mechanisms : ["MAPRSASL"]
}
}
NOTE Drill executes all queries as a service or process user when impersonation is
disabled.
Example 2: Drill Client to Drillbit Authentication with User Impersonation using MapR
drill.exec:{
security: {
user.auth.enabled: true,
auth.mechanisms : ["MAPRSASL"],
}
impersonation: {
enabled: true,
max_chained_user_hops: 3
}
}
NOTE Drill executes all queries as the authenticated (ticket) user when impersonation is
enabled. The client to Drillbit communication path will not be encrypted.
Example 3: Drill Client to Drillbit using Multiple Authentication Mechanisms
drill.exec:{
security: {
user.auth.enabled: true,
user.auth.impl: "pam4j",
security.user.auth.packages += "org.apache.drill.exec.rpc.user.security",
user.auth.pam_profiles: ["sudo", "login", "mapr-admin"],
auth.mechanisms : ["MAPRSASL", "KERBEROS", "PLAIN"],
auth.principal : "mapr/_host@REALM.COM",
auth.keytab : "/opt/mapr/conf/mapr.keytab"
},
impersonation: {
enabled: true,
max_chained_user_hops: 3
}
}
Example 4: Drillbit to Drillbit Authentication using MapR Security
drill.exec:{
security: {
auth.mechanisms : ["MAPRSASL"],
bit.auth.enabled : true
bit.auth.mechanism : "MAPRSASL"
}
}
Example 5: Drill Client to Drillbit and Drillbit to Drillbit Authentication using MapR Security
drill.exec {
security: {
user.auth.enabled: true,
auth.mechanisms : ["MAPRSASL"],
bit.auth.enabled : true,
bit.auth.mechanism : "MAPRSASL"
},
impersonation: {
enabled: true,
max_chained_user_hops: 3
}
}