Configuring Authentication

An administrator can enable Default Security as the only authentication mechanism, or in addition to other mechanisms, such as Kerberos and Plain authentication in drill-override.conf.

NOTE
When Drill is installed on the HPE Ezmeral Data Fabric, Drill distribution defaults are stored in the drill-distrib.conf file. To override the defaults, you must explicitly disable them in the drill-override.conf file.
The following sections provide configuration examples for several configuration scenarios:
NOTE
For client-side configuration, see Drill Drivers.

Example 1: Drill Client to Drillbit Authentication using Default Security Only

drill.exec:{
              security: {
                 user.auth.enabled: true,
                 auth.mechanisms : ["MAPRSASL"]
          }
}
NOTE
Drill executes all queries as a service or process user when impersonation is disabled.

Example 2: Drill Client to Drillbit Authentication with User Impersonation using Default

drill.exec:{
                security: {
                   user.auth.enabled: true,
                   auth.mechanisms : ["MAPRSASL"],
                    }
                impersonation: {
                   enabled: true,
                   max_chained_user_hops: 3
              }  
        }    
NOTE
Drill executes all queries as the authenticated (ticket) user when impersonation is enabled. The client to Drillbit communication path will not be encrypted.

Example 3: Drill Client to Drillbit using Multiple Authentication Mechanisms

drill.exec:{
                 security: {
                     user.auth.enabled: true,
                     user.auth.impl: "pam4j",
                     security.user.auth.packages += "org.apache.drill.exec.rpc.user.security",
                     user.auth.pam_profiles: ["sudo", "login", "mapr-admin"],
                     auth.mechanisms : ["MAPRSASL", "KERBEROS", "PLAIN"],
                     auth.principal : "mapr/_host@REALM.COM",
                     auth.keytab : "/opt/mapr/conf/mapr.keytab"
                   },
                  impersonation: {
                    enabled: true,
                    max_chained_user_hops: 3
              }

          }     

Example 4: Drillbit to Drillbit Authentication using Default Security

drill.exec:{
              security: {
                  auth.mechanisms : ["MAPRSASL"],
                  bit.auth.enabled : true
                  bit.auth.mechanism : "MAPRSASL"		
       }
} 

Example 5: Drill Client to Drillbit and Drillbit to Drillbit Authentication using Default Security

drill.exec {
              security: {
                  user.auth.enabled: true,
                  auth.mechanisms : ["MAPRSASL"],
                  bit.auth.enabled : true,
                  bit.auth.mechanism : "MAPRSASL"		
                      },
              impersonation: {
                   enabled: true,
                   max_chained_user_hops: 3
              }          
            }