[ https://issues.apache.org/jira/browse/RANGER-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15831445#comment-15831445 ]

Qiang Zhang commented on RANGER-1316:
-------------------------------------

[~ankita.sinha], I agree with you. We have tested the code in regular mode and 
started up Ranger KMS successfully. Could you please tell me how to test in SSL 
mode? I'd like to test it. Could you please provide some error logs and 
documents so that we can help you resolve the issue? Currently we are 
analyzing the functions in SSL mode; we will follow up on this issue.

> Ranger-Admin enable security mode should not depend on configuration logdir
> ---------------------------------------------------------------------------
>
>                 Key: RANGER-1316
>                 URL: https://issues.apache.org/jira/browse/RANGER-1316
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>            Reporter: Qiang Zhang
>            Assignee: Ankita Sinha
>            Priority: Minor
>              Labels: security
>             Fix For: 0.7.0
>
>         Attachments: 0001-RANGER-1316-Admin-security-should-not-depend-on-logd.patch
>
>
> Whether Ranger-Admin enables security mode should not depend on the logdir
> configuration; in fact, it should depend on whether
> hadoop.security.authentication is kerberos.
> If the logdir is null, even if Ranger-Admin is set to Kerberos authentication,
> Ranger-Admin would not enable security mode.
> By the way, people who read the code will be confused, 
> because logdir has nothing to do with the security of Ranger-Admin.
> The code that has the problem can be found in the Java method 
> EmbeddedServer.start():
> {code}
> if (getConfig("logdir") != null) {
>       String keytab = getConfig(ADMIN_USER_KEYTAB);
>       String principal = null;
>       ......
>       if (getConfig(AUTHENTICATION_TYPE) != null &&
>           getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) &&
>           SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
>       ......
>       }
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
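
The gating problem described in the quoted issue, shown beside a decision that depends only on the authentication type and the credentials. This is an added example, not Ranger's code and not the attached patch; the keytab and principal keys and the `credentialsPresent` helper are hypothetical stand-ins, and the sample configuration is constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration, not Ranger's code and not the attached patch.
public class SecurityModeGate {
    // Only hadoop.security.authentication is named on the page; the other keys are hypothetical.
    static final String AUTHENTICATION_TYPE = "hadoop.security.authentication";
    static final String AUTH_TYPE_KERBEROS = "kerberos";
    static final String ADMIN_USER_KEYTAB = "example.admin.keytab";       // hypothetical key
    static final String ADMIN_USER_PRINCIPAL = "example.admin.principal"; // hypothetical key

    // Stand-in for SecureClientLogin.isKerberosCredentialExists (assumption: both values set).
    static boolean credentialsPresent(String principal, String keytab) {
        return principal != null && !principal.trim().isEmpty()
            && keytab != null && !keytab.trim().isEmpty();
    }

    static boolean kerberosRequested(Map<String, String> cfg) {
        String auth = cfg.get(AUTHENTICATION_TYPE);
        return auth != null && auth.trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS);
    }

    // Behaviour described in the issue: the whole decision sits inside a logdir check.
    static boolean secureModeGatedOnLogdir(Map<String, String> cfg) {
        if (cfg.get("logdir") != null) {
            return kerberosRequested(cfg)
                && credentialsPresent(cfg.get(ADMIN_USER_PRINCIPAL), cfg.get(ADMIN_USER_KEYTAB));
        }
        return false; // logdir unset: security mode is silently skipped
    }

    // Decision that depends only on the authentication type and the credentials.
    static boolean secureModeDecoupled(Map<String, String> cfg) {
        return kerberosRequested(cfg)
            && credentialsPresent(cfg.get(ADMIN_USER_PRINCIPAL), cfg.get(ADMIN_USER_KEYTAB));
    }

    public static void main(String[] args) {
        Map<String, String> cfg = new HashMap<>(); // constructed sample config, logdir unset
        cfg.put(AUTHENTICATION_TYPE, "Kerberos ");
        cfg.put(ADMIN_USER_PRINCIPAL, "admin/host.example.com@EXAMPLE.COM");
        cfg.put(ADMIN_USER_KEYTAB, "/etc/security/keytabs/admin.keytab");
        System.out.println("gated on logdir: " + secureModeGatedOnLogdir(cfg));
        System.out.println("decoupled:       " + secureModeDecoupled(cfg));
        // Startup check a deployment could log: Kerberos requested but secure mode left off.
        if (kerberosRequested(cfg) && !secureModeGatedOnLogdir(cfg)) {
            System.out.println("WARN: kerberos configured but secure mode not enabled");
        }
    }
}
```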
