Configuring User Authentication
Authentication is the process of establishing confidence of authenticity. A Drill client user is authenticated when a drillbit process running in a Drill cluster confirms the identity it is presented with. Drill 1.10 supports several authentication mechanisms through which users can prove their identity before accessing cluster data:
- Kerberos - Featuring Drill client to Drillbit encryption in Drill 1.11. See Configuring Kerberos Authentication.
- Plain [also known as basic authentication (auth), which is username and password-based authentication, through the Linux Pluggable Authentication Module (PAM)] - See Configuring Plain Authentication.
- Custom authenticators - See Creating Custom Authenticators.
These authentication options are available through JDBC and ODBC interfaces.
Enabling both user impersonation and authentication is recommended to restrict access to data and improve security. When user impersonation is enabled, Drill executes the client requests as the authenticated user. Otherwise, Drill executes client requests as the user that started the drillbit process.
For more information, see Configuring User Impersonation.