ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhavik patel <bhavikpatel...@gmail.com>
Subject Re: Review Request 72591: RANGER-2861 : Support username and keytab to authenticate ES service to use as an Ranger Audit Store
Date Mon, 06 Jul 2020 05:50:51 GMT


> On June 16, 2020, 5:31 a.m., Pradeep Agrawal wrote:
> > agents-cred/src/main/java/org/apache/ranger/authorization/credutils/CredentialsProviderUtil.java
> > Lines 48 (patched)
> > <https://reviews.apache.org/r/72591/diff/1/?file=2234588#file2234588line48>
> >
> >     if any code is referred/copied from somewhere please mention that in RR description

This is the custom Utility class and getKerberosCredentials method I have referred from here:
https://docs.oracle.com/javase/6/docs/technotes/guides/security/jgss/lab/part5.html


- bhavik


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72591/#review221009
-----------------------------------------------------------


On July 6, 2020, 5:42 a.m., bhavik patel wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72591/
> -----------------------------------------------------------
> 
> (Updated July 6, 2020, 5:42 a.m.)
> 
> 
> Review request for ranger, Attila Bukor, Ankita Sinha, Bolke de Bruin, Don Bosco Durai,
bhavik patel, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh,
Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu,
and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2861
>     https://issues.apache.org/jira/browse/RANGER-2861
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently, Ranger admin support only Basic Authentication for ES as an Audit Store, also
required to support username and keytab.
> 
> 
> Diffs
> -----
> 
>   agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java
bda582a 
>   agents-cred/src/main/java/org/apache/ranger/authorization/credutils/CredentialsProviderUtil.java
PRE-CREATION 
>   agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/AbstractJaasConf.java
PRE-CREATION 
>   agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KerberosCredentialsProvider.java
PRE-CREATION 
>   agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KeytabJaasConf.java
PRE-CREATION 
>   distro/src/main/assembly/admin-web.xml a632011 
>   embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/ElasticSearchIndexBootStrapper.java
886091e 
>   security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchMgr.java
a060877 
> 
> 
> Diff: https://reviews.apache.org/r/72591/diff/2/
> 
> 
> Testing
> -------
> 
> After setting the ES username and passowrd(keytab) in install.properties ranger admin
is able to read audit logs from ES also ranger plugins able to write the logs to ES.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message