Configuring Drill to Use libpam4j
You can configure Drill to use libpam4j for Plain authentication between a client, such as ODBC, and the Drillbit.
Starting in EEP 5.0, you can configure Drill to use libpam4j for form-based authentication between a web client and Drillbit (web server). Form-based authentication is like Plain authentication in that a user is presented with a web form where s/he enters a username and password to access restricted web pages. When using form-based authentication, you can also configure Drill to use SPNEGO. See SPNEGO for HTTP Authentication.
Complete the following steps to configure Plain authentication (for JDBC/ODBC clients) and form-based authentication (for the web client) in Drill:
- Add the following configurations to the
/opt/mapr/drill/drill-<version>/conf/drill-override.conf
file:drill.exec:{ cluster-id:"drillbits1", zk.connect:"<zk-node-hostname>:5181,<zk-node-hostname>:5181,<zk-node-hostname>:5181", security:{ auth.mechanisms:[ "PLAIN"], }, security.user.auth:{ enabled:true, packages += "org.apache.drill.exec.rpc.user.security", impl:"pam4j", pam_profiles:[ "sudo", "login" ] }, http.auth.mechanisms:[ "FORM" ] }
- (Optional) To add or remove different PAM profiles, add or delete the profile names in
the
pam_profiles
array portion of the configuration:pam_profiles: [ "sudo", "login" ]
- Restart the Drillbit process on each Drill node, as
shown:
/opt/mapr/drill/drill-<version>/bin/drillbit.sh restart