AnsweredAssumed Answered

Mapr-drill cannot authenticate using PLAIN mechanism

Question asked by reedv on Jan 9, 2018
Latest reply on Jan 12, 2018 by maprcommunity

Having PLAIN authentication error when trying to run queries or access drill-explorer.

Have installed mapr 6.0 using the installer script and have drill installed and running on all nodes:

[mapr@mapr001 ~]$ clush -ab 'jps'
160245 Drillbit
73244 CLDB
121401 Drillbit
134738 Drillbit

as well as already have the query service set up (not sure what this does, just looking at the docs (did not follow this particular instruction since the output already looked like how the docs showed they were supposed to)):

[mapr@mapr001 ~]$ maprcli cluster queryservice getconfig
storageplugin zookeeper                                                                        znode  clusterid                         enabled
dfs           mapr001.cluster.local:5181,mapr002.cluster.local:5181,mapr003.cluster.local:5181 /drill uceramapr.cluster.local-drillbits true

This is the last instruction in the mapr docs for installing drill.


At this point, I try to inspect some log files with drill explorer using the apache drill docs and get connection errors saying:

ERROR [08S01] [MapR][Drill] (30)  Handshake failure occurred while trying to connect to local= Server message: [30018]Handshake Failed due to an error on the server. [Server message was: (28c8b842-d472-43bd-93c1-55f0b15bf5d0) Invalid user credentials: The server doesn't allow client without encryption support. Please upgrade your client or talk to your system administrator.]

Yet, in drill explorer connection dialog, I am choosing plain authentication and mapr 6.0 uses the latest version of drill (1.11):

[mapr@mapr001 ~]$ yum info mapr-drill
Installed Packages
Name        : mapr-drill
Arch        : noarch
Version     :
Repo        : installed

Checking the drill web UI, the enabled storage plugins are cp and dfs (following the "connecting drill to datasources" docs). Have also installed the file in a directory /opt/pam (as per the documentation for setting up plain authentication). 


I also can't connect to drill via sqlline:

[mapr@mapr002 ingest_scripts]$ /opt/mapr/drill/drill-1.11.0/bin/sqlline

OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=512M; support was removed in 8.0
apache drill 1.11.0-mapr
"what ever the mind of man can conceive and believe, drill can query"

sqlline> !connect jdbc:drill:zk=mapr001:5181,mapr002:5181,mapr003:5181
Enter username for jdbc:drill:zk=mapr001:5181,mapr002:5181,mapr003:5181: mapr
Enter password for jdbc:drill:zk=mapr001:5181,mapr002:5181,mapr003:5181: ***********
Error: Failure in connecting to Drill: org.apache.drill.exec.rpc.NonTransientRpcException: Authentication failed. [Details: Encryption: enabled , MaxWrappedSize: 65536 , WrapSizeLimit: 0, Error Cannot initiate authentication using PLAIN mechanism. Insufficient credentials or selected mechanism doesn't support configured security layers?] [Caused by Cannot initiate authentication using PLAIN mechanism. Insufficient credentials or selected mechanism doesn't support configured security layers?] (state=,code=0)

Yet, can successfully query "SELECT * FROM sys.drillbits;" from within the drill web UI.


Ultimately, my drill conf files look like:


#-------------------- my changes
# configuring for plain authentication
# see
export DRILLBIT_JAVA_OPTS="-Djava.library.path=/opt/pam"


# enable user impersonation
# see


# enable mapr-hive user impersonation
# see

# not using maprsasle_keytab since not using kerberos
export DRILL_JAVA_OPTS="$DRILL_JAVA_OPTS -Dzookeeper.sasl.client=false -Djava.library.path=/opt/pam/"
export DRILL_JAVA_OPTS="$DRILL_JAVA_OPTS -Dmapr_sec_enabled=true -Dhadoop.login=maprsasl -Dmapr.library.flatclass"




# base distributed install setup
# see
drill.exec: {
  cluster-id: "mycluster-drillbits",
  zk.connect: "mapr001:5181,mapr002:5181,mapr003:5181"


# configuring for user impersonation
# see
# also enables mapr-hive user impersonation, see
drill.exec.impersonation: {
  enabled: true,
  max_chained_user_hops: 3


# configure for plain authentication
# see {          
  auth.mechanisms : ["PLAIN", "MAPRSASL"],
} {
  enabled: true,
  packages += "",
  impl: "pam",
  pam_profiles: [ "sudo", "login" ]


Does any one else have any idea what other steps must be taken to get drill and drill-explorer working?