ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Qiang Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RANGER-1316) Ranger-Admin enable security mode should not depend on configuration logdir
Date Wed, 18 Jan 2017 07:31:26 GMT
Qiang Zhang created RANGER-1316:
-----------------------------------

             Summary: Ranger-Admin enable security mode should not depend on configuration
logdir
                 Key: RANGER-1316
                 URL: https://issues.apache.org/jira/browse/RANGER-1316
             Project: Ranger
          Issue Type: Bug
          Components: admin
            Reporter: Qiang Zhang
            Assignee: Qiang Zhang
            Priority: Minor


Ranger-Admin enable security mode should not depend on configuration logdir,
in fact, it should depend on whether hadoop.security.authentication is kerberos.
If the logdir is null, even if Ranger-Admin is set to Kerberos authentication,
the Ranger-Admin would not enable security mode.
By the way, people who read the code will be confused, 
because logdir has nothing to do with security of Ranger-Admin.

The code which have problem can be found in Java method EmbeddedServer.start():
{code}
if (getConfig("logdir") != null) {
	String keytab = getConfig(ADMIN_USER_KEYTAB);
	String principal = null;
	......
	if (getConfig(AUTHENTICATION_TYPE) != null &&
	getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) &&
	SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
	......
	}
}
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message