Configuring Drill to Use libjpam
You can configure Drill to use libjpam for Plain authentication between a client, such as ODBC, and the Drillbit.
To configure Drill to use libjpam, complete the following steps:
- Copy the libjpam.so file from /opt/mapr/lib to a directory that does not contain other Hadoop components, for example /opt/pam/.
- Add the following line to /opt/mapr/drill/drill-<version>/conf/drill-env.sh,
including the directory where the libjpam.so file is located, as
shown:
export DRILLBIT_JAVA_OPTS="$DRILLBIT_JAVA_OPTS -Djava.library.path=<directory>" Example: export DRILLBIT_JAVA_OPTS="$DRILLBIT_JAVA_OPTS -Djava.library.path=/opt/pam/"
- Add the following configuration to the drill.exec block in
/opt/mapr/drill/drill-<version>/conf/drill-override.conf:
drill.exec: { cluster-id: "drillbits1", zk.connect: "qa102-81.qa.lab:5181,qa102-82.qa.lab:5181,qa102-83.qa.lab:5181", impersonation: { enabled: true, max_chained_user_hops: 3 }, security: { auth.mechanisms : ["PLAIN"], }, security.user.auth: { enabled: true, packages += "org.apache.drill.exec.rpc.user.security", impl: "pam", pam_profiles: [ "sudo", "login", "mapr-admin" ] } }
- (Optional) To add or remove different PAM profiles, add or delete the profile names in
the pam_profiles array portion of the
configuration:
pam_profiles: [ "sudo", "login" ]
- Restart the Drillbit process on each Drill node, as
shown:
/opt/mapr/drill/drill-<version>/bin/drillbit.sh restart