ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ankita Sinha (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (RANGER-1316) Ranger-Admin enable security mode should not depend on configuration logdir
Date Thu, 19 Jan 2017 14:06:26 GMT

    [ https://issues.apache.org/jira/browse/RANGER-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15829981#comment-15829981
] 

Ankita Sinha edited comment on RANGER-1316 at 1/19/17 2:05 PM:
---------------------------------------------------------------

This is causing issue in Ranger KMS startup. Have you tested it? I am reopening the issue.
Since the code is common for Ranger Admin and Ranger KMS, only after successful testing of
both components in regular and SSL mode, it is recommended to commit the change. My suggestion
is to create a consolidated patch for EmbeddedServer refactoring changes.

My suggestion is to have consolidated patch, I will start working on it.


was (Author: ankita.sinha):
This is causing issue in Ranger KMS startup. Have you tested it? I am reopening the issue.
Since the code is common for Ranger Admin and Ranger KMS, only after successful testing of
both components in regular and SSL mode, it is recommended to commit the change. My suggestion
is to create a consolidated patch for EmbeddedServer refactoring changes.

> Ranger-Admin enable security mode should not depend on configuration logdir
> ---------------------------------------------------------------------------
>
>                 Key: RANGER-1316
>                 URL: https://issues.apache.org/jira/browse/RANGER-1316
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>            Reporter: Qiang Zhang
>            Assignee: Qiang Zhang
>            Priority: Minor
>              Labels: security
>             Fix For: 0.7.0
>
>         Attachments: 0001-RANGER-1316-Admin-security-should-not-depend-on-logd.patch
>
>
> Ranger-Admin enable security mode should not depend on configuration logdir,
> in fact, it should depend on whether hadoop.security.authentication is kerberos.
> If the logdir is null, even if Ranger-Admin is set to Kerberos authentication,
> the Ranger-Admin would not enable security mode.
> By the way, people who read the code will be confused, 
> because logdir has nothing to do with security of Ranger-Admin.
> The code which have problem can be found in Java method EmbeddedServer.start():
> {code}
> if (getConfig("logdir") != null) {
> 	String keytab = getConfig(ADMIN_USER_KEYTAB);
> 	String principal = null;
> 	......
> 	if (getConfig(AUTHENTICATION_TYPE) != null &&
> 	getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) &&
> 	SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
> 	......
> 	}
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message