----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56163/#review165108 -----------------------------------------------------------
Fix it, then Ship it! embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java (line 509) <https://reviews.apache.org/r/56163/#comment236922> Logging this message would be helpful security-admin/scripts/install.properties (line 59) <https://reviews.apache.org/r/56163/#comment236923> Putting keystores and truststores in conf folder ==> will this affect upgrades? Consider alternate location. - Velmurugan Periasamy On Feb. 10, 2017, 8:28 a.m., Pradeep Agrawal wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/56163/ > ----------------------------------------------------------- > > (Updated Feb. 10, 2017, 8:28 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, > Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-1341 > https://issues.apache.org/jira/browse/RANGER-1341 > > > Repository: ranger > > > Description > ------- > > **Problem Statement :** Below mentioned passwords properties in Ranger Admin > and usersync contains password in clear text. password should not be stored > in clear text format rather it should be stored in jceks file. > ranger.service.https.attrib.keystore.pass > ranger.truststore.password > ranger.usersync.keystore.password > ranger.usersync.truststore.password > > **Proposed Solution :** Use Credential provider api to store password in > jceks file. > > > Diffs > ----- > > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java > 9668e47 > kms/config/webserver/ranger-kms-site.xml 81f3f17 > kms/scripts/install.properties 473d3cf > kms/scripts/setup.sh f31e0e2 > security-admin/scripts/install.properties 34dec22 > security-admin/scripts/setup.sh f7e02d9 > security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java > a0f83c7 > security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml > 8cd26a6 > security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 5f89caa > src/main/assembly/admin-web.xml 966033f > tagsync/scripts/setup.py 88b10cc > > ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java > a4b12b2 > unixauthservice/scripts/install.properties 50e8487 > unixauthservice/scripts/setup.py b773e95 > unixauthservice/scripts/templates/ranger-ugsync-template.xml 74bce8a > > Diff: https://reviews.apache.org/r/56163/diff/ > > > Testing > ------- > > 1. Tested Ranger on SSL enabled MySQL. > 2. Tested Ranger with and without SSL. > 3. Tested HDFS plugin enforecement using SSL enabled Ranger admin. > 4. Tested KMS plugin enforecement using SSL enabled Ranger admin. > 5. Tested LDAP and UNIX UserSync. > 6. Tested LDAP and UNIX Authentication. > 7. Tested Knox Test connection. > > > Thanks, > > Pradeep Agrawal > >