ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Qiang Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-1316) Ranger-Admin enable security mode should not depend on configuration logdir
Date Fri, 20 Jan 2017 09:17:26 GMT

    [ https://issues.apache.org/jira/browse/RANGER-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15831445#comment-15831445
] 

Qiang Zhang commented on RANGER-1316:
-------------------------------------

[~ankita.sinha], I agree with you. We have tested the codes in regular mode and startup Ranger
KMS successfully. Could you please tell me how to test in SSL mode, I'd like to have a testing.
Could you please provide some error logs and documents so that we can help you to resolve
the issue. Currently we are analysis the functions in SSL mode, we will follow up this issue.
 

> Ranger-Admin enable security mode should not depend on configuration logdir
> ---------------------------------------------------------------------------
>
>                 Key: RANGER-1316
>                 URL: https://issues.apache.org/jira/browse/RANGER-1316
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>            Reporter: Qiang Zhang
>            Assignee: Ankita Sinha
>            Priority: Minor
>              Labels: security
>             Fix For: 0.7.0
>
>         Attachments: 0001-RANGER-1316-Admin-security-should-not-depend-on-logd.patch
>
>
> Ranger-Admin enable security mode should not depend on configuration logdir,
> in fact, it should depend on whether hadoop.security.authentication is kerberos.
> If the logdir is null, even if Ranger-Admin is set to Kerberos authentication,
> the Ranger-Admin would not enable security mode.
> By the way, people who read the code will be confused, 
> because logdir has nothing to do with security of Ranger-Admin.
> The code which have problem can be found in Java method EmbeddedServer.start():
> {code}
> if (getConfig("logdir") != null) {
> 	String keytab = getConfig(ADMIN_USER_KEYTAB);
> 	String principal = null;
> 	......
> 	if (getConfig(AUTHENTICATION_TYPE) != null &&
> 	getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) &&
> 	SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
> 	......
> 	}
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message