> On Oct. 23, 2017, 4:56 a.m., bhavik patel wrote: > > @Endre Zoltan Kovacs : Have you tested plugins test-connection? If someone > > upgrade from ranger-0.6 to ranger-0.7 or master after then check plugins > > test-connection should not break, can you please confirm that. > > > > note: If you want to use stronger crypto algorithm than you can directly > > specify in ranger-admin-default-site.xml rather than changing default value > > in PasswordUtils.java > > Endre Zoltan Kovacs wrote: > hi! > i've checked this patch agains HDP 2.6.3 with ranger 0.7.0.2.6 and tested > the 'test-connection'. it brought problems to light,so i fixed them and > re-created the patch. > this version should work well with service check and service update. > > i tested and verified that upgrading from an older crypto algo (e.g.: > PBEWithSHA1AndDESede) to this new algo works. > > Best regards, > Endre > > bhavik patel wrote: > Hi, > Can you please verify one more case : user password which contain special > character , at that time also test-connection should work
Hi! This was a great idea! i added some more unit tests, aiming catch coma related password problems, and it turned out there were issues during encrypt phase. with the new patch these are gone. besides the unit tests, i also tested passwords with coma on HDP cluster to verify it in a live settings. i also tested and verified that it is possible to go back to a less secure algo (that doesn't need initializer vector) and test/update of service still worked. - Endre Zoltan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63209/#review188920 ----------------------------------------------------------- On Nov. 3, 2017, 2:24 p.m., Endre Zoltan Kovacs wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63209/ > ----------------------------------------------------------- > > (Updated Nov. 3, 2017, 2:24 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-1644 > https://issues.apache.org/jira/browse/RANGER-1644 > > > Repository: ranger > > > Description > ------- > > changing outdate hash&crypto algorigthms: MD5&DES => SHA512&AES128 > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java > 58cdd3531 > > agents-common/src/test/java/org/apache/ranger/plugin/util/PasswordUtilsTest.java > 4e135aaa7 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > da650747d > > security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java > 3dd761a2b > security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml > 9dfc03df1 > security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java > 976fd0cb8 > > > Diff: https://reviews.apache.org/r/63209/diff/3/ > > > Testing > ------- > > PasswordUtilsTest: added new unit test and updated previous ones > Added service update test: on service update new service password will be > encrypted with the new algorithm > > > Thanks, > > Endre Zoltan Kovacs > >
