> On Feb. 6, 2015, 3:01 p.m., Robert Levas wrote: > > I am not sure that this is the appropriate solution. Does this hide the > > keytab value in the API call mentioned in the issue?
That api call show command output, and this patch hide keytab content in command output, so everythong is ok - Eugene ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30723/#review71434 ----------------------------------------------------------- On Feb. 6, 2015, 1:36 p.m., Vitalyi Brodetskyi wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/30723/ > ----------------------------------------------------------- > > (Updated Feb. 6, 2015, 1:36 p.m.) > > > Review request for Ambari, Dmitro Lisnichenko and Robert Levas. > > > Bugs: AMBARI-9512 > https://issues.apache.org/jira/browse/AMBARI-9512 > > > Repository: ambari > > > Description > ------- > > I seems like we can see the contents of keytabs generated via Ambari from the > /api/v1/clusters/ > {clustername} > /requests endpoint, which is also shown in the UI on the keytab tasks. > This is a potential security risk, as anyone who has an Ambari account can > access them (including non-Admin, read-only users). > > > Diffs > ----- > > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py > b000c04 > ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py > 3bda3f9 > ambari-server/src/test/python/stacks/utils/RMFTestCase.py 85e229a > > Diff: https://reviews.apache.org/r/30723/diff/ > > > Testing > ------- > > mvn clean test > > > Thanks, > > Vitalyi Brodetskyi > >