Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.16.0
-
None
-
None
-
drill version 1.16
drill host ubuntu 1804
kerberos: FreeIPA (hbac rules)
Description
Currently there is no way to limit drill user access to a particular LDAP group when kerberos is used for authentication.Its not an issue with PAM as it supports sssd which knows how to do this.
So the sum effect is that any valid kerberos user can access drill while typically access would be limited to particular groups. So to test I have a kerberos enviroment with freeIPA and set up with a user tuser2 who has no host access on the drill server (hbac rule).
Access is denied when I try and connect using sqlLine using user/password credentials ( correct) but access it granted if I connect with an acquired TGT ticket then access is granted ( wrong)