[jira] [Created] (AMBARI-2174) Eliminate cleartext LDAPS credentials from Ambari props files

Mon, 20 May 2013 22:39:20 -0700 

Siddharth Wagle created AMBARI-2174:
---------------------------------------

             Summary: Eliminate cleartext LDAPS credentials from Ambari props 
files
                 Key: AMBARI-2174
                 URL: https://issues.apache.org/jira/browse/AMBARI-2174
             Project: Ambari
          Issue Type: Task
          Components: agent, controller
    Affects Versions: 1.2.5
            Reporter: Siddharth Wagle
            Assignee: Siddharth Wagle
             Fix For: 1.2.5


Observations:

- Currently we use the Java Keystore for storing server and agent SSL 
certificates. The keystore is a storage facility for cryptographic keys and 
certificates and is guarded by a password.
Presently what we do is generate a random 50 character long alphanumeric 
keystore password, the first time ambari starts with permissions 644. (should 
be 600)
{noformat}
-rw-r--r--. 1 root root   50 May 13 13:49 pass.txt
{noformat}

- Database password in ambari.properties, this is not clear text and is store 
in a file with appropriate ACL.
{noformat}
-rw-------. 1 root root 7 May 13 13:49 /etc/ambari-server/conf/password.dat
{noformat}

[~jeff] Need to discuss the flow of enabling LDAP access to Ambari in order to 
suggest a flexible approach.

Important considerations:
- Any cryptographic technique that requires encryption and decryption has 
understood weakness that the private key is protected by the appropriate ACL. 
Even if we encrypt passwords in the configuration files, the key used for 
achieving the encryption needs to be protected.
- One decent solution is, prompt the user for a passphrase and use the 
non-invertible secure digest (such as sha-1) of the password to lock the 
keystore. This same password can be used to encrypt LDAP credentials. In this 
approach we need to prompt the admin to provide the LDAP password when 
configuring a LDAP user for the first time and then write the encrypted 
password into the configuration file. Alternately, we can ask for the same 
during ambari-server setup, but that would be less flexible.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to