[DRILL-6983] PAM Auth Enabled on Drill-On-YARN only works on YARN user - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.14.0, 1.15.0
Fix Version/s: None
Component/s: Client - HTTP
Labels:
None

Description

Hi,

I'm having problem running Drill-on-YARN with PAM authentication enabled. PAM auth is working, BUT only accepting login via WEBUI for YARN user.

drill-override.conf

drill.exec: {

 cluster-id: "drillbits2",
 zk.connect: "app40:2181,app41:2181,app42:2181",
 impersonation: {
  enabled: true
 },
security: {
  auth.mechanisms: [ "PLAIN" ],
  user.auth.enabled: true,
  user.auth.packages += "org.apache.drill.exec.rpc.user.security",
  user.auth.impl: "pam",  
  user.auth.pam_profiles: [ "login", "sshd" ]
  }
}

SEE errors below:

As you can see from the screenshot, when trying to login via WEBUI using infra or drill user, I'm having error 'password check failed for user (USER)`. But you'll also notice that it's giving me authentication failure for UID=1018 which is YARN

Please help me to right direction or if I'm missing something.

Thank you.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

Selection_999(203).png
17/Jan/19 07:09
43 kB
Michael Dennis Uanang
Selection_999(204).png
17/Jan/19 07:08
40 kB
Michael Dennis Uanang
Selection_999(205).png
17/Jan/19 07:11
13 kB
Michael Dennis Uanang

Activity

People

Assignee:: Unassigned

Reporter:: Michael Dennis Uanang

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 17/Jan/19 07:26

Updated:: 01/Feb/19 07:10