ranger-dev mailing list archives

From "Ramesh Mani (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-686) Allow specifying keytabs in Ranger repositories
Date Thu, 08 Oct 2015 06:56:27 GMT

    [ https://issues.apache.org/jira/browse/RANGER-686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14948173#comment-14948173 ]

Ramesh Mani commented on RANGER-686:
------------------------------------

This is a good requirement, but both passwords and keytabs require periodic rotation,
and that would be the best practice.
I believe Ambari can propagate the keytabs across the Ranger machines during installation
and configuration. Regarding [~aloklal99]'s question on keytabs lying on the disk: isn't it the same
case for the other keytab files that are used in a secure cluster? What will happen in the
case of a simple cluster where we don't have a KDC and keytab?


> Allow specifying keytabs in Ranger repositories
> -----------------------------------------------
>
>                 Key: RANGER-686
>                 URL: https://issues.apache.org/jira/browse/RANGER-686
>             Project: Ranger
>          Issue Type: New Feature
>            Reporter: Velmurugan Periasamy
>            Assignee: Gautam Borad
>             Fix For: 0.6.0
>
>
> PROBLEM: Currently you have to specify a principal and password when configuring Ranger repositories.  It would be useful to allow specifying a principal and keytab instead of a password for authenticating the lookup-client user.
> USE CASE:  Sites which have regular password expiration will experience the lookup clients failing routinely.  Also, specifying a keytab instead of a password is considered a best practice.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
