Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.13.0
-
None
-
None
-
MapR 6
Description
Sqlline requires explicit kerberos 'principal=' parameter in its JDBC connection string, eg:
zk=<list>;auth=kerberos;principal=mapr/<cluster_name>@REALM
When Drill nodes are configured with individual keytabs containing the node's fqdn and configured like so:
security: { auth.principal: mapr/_HOST@REALM }
then the ZooKeeper connection string from sqlline does not work and results in GSS Kerberos error:
Caused by: KrbException: Identifier doesn't match expected value
due to the mismatch between the explicit sqlline kerberos principal and zookeeper's random drillbit's principal.
For the connection to work in this case requires something more like:
drillbits=$(hostname -f);auth=kerberos;principal=mapr/$(hostname -f)@REALM
but this lacks the high availability of using the ZooKeeper connection string to connect to any available node
Hence it would be good if there was a way for sqlline arguments to be able to either infer the correct kerberos principal to match the host that zookeeper tells it to connect to or else accept a more generic parameter such as:
zk=<list>;auth=kerberos;principal=mapr/_HOST@REALM
I've tested the above but it doesn't work showing that sqlline is not using a dynamic kerberos principal to match the host it is connecting to.