ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ankita Sinha (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-1316) Ranger-Admin enable security mode should not depend on configuration logdir
Date Fri, 20 Jan 2017 12:46:26 GMT

    [ https://issues.apache.org/jira/browse/RANGER-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15831682#comment-15831682
] 

Ankita Sinha commented on RANGER-1316:
--------------------------------------

Thanks [~zhangqiang2], you can refer this [Doc|http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.0/bk_Security_Guide/content/configure_ambari_ranger_ssl_public_ca_certs_admin.html]
for configuring Ranger in SSL environment.

> Ranger-Admin enable security mode should not depend on configuration logdir
> ---------------------------------------------------------------------------
>
>                 Key: RANGER-1316
>                 URL: https://issues.apache.org/jira/browse/RANGER-1316
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>            Reporter: Qiang Zhang
>            Assignee: Ankita Sinha
>            Priority: Minor
>              Labels: security
>             Fix For: 0.7.0
>
>         Attachments: 0001-RANGER-1316-Admin-security-should-not-depend-on-logd.patch,
RANGER-1316.patch
>
>
> Ranger-Admin enable security mode should not depend on configuration logdir,
> in fact, it should depend on whether hadoop.security.authentication is kerberos.
> If the logdir is null, even if Ranger-Admin is set to Kerberos authentication,
> the Ranger-Admin would not enable security mode.
> By the way, people who read the code will be confused, 
> because logdir has nothing to do with security of Ranger-Admin.
> The code which have problem can be found in Java method EmbeddedServer.start():
> {code}
> if (getConfig("logdir") != null) {
> 	String keytab = getConfig(ADMIN_USER_KEYTAB);
> 	String principal = null;
> 	......
> 	if (getConfig(AUTHENTICATION_TYPE) != null &&
> 	getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) &&
> 	SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
> 	......
> 	}
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message