[jira] [Created] (RANGER-1316) Ranger-Admin enable security mode should not depend on configuration logdir

Qiang Zhang (JIRA) Tue, 17 Jan 2017 23:32:33 -0800

Qiang Zhang created RANGER-1316:
-----------------------------------

             Summary: Ranger-Admin enable security mode should not depend on 
configuration logdir
                 Key: RANGER-1316
                 URL: https://issues.apache.org/jira/browse/RANGER-1316
             Project: Ranger
          Issue Type: Bug
          Components: admin
            Reporter: Qiang Zhang
            Assignee: Qiang Zhang
            Priority: Minor



Ranger-Admin enable security mode should not depend on configuration logdir,
in fact, it should depend on whether hadoop.security.authentication is kerberos.
If the logdir is null, even if Ranger-Admin is set to Kerberos authentication,
the Ranger-Admin would not enable security mode.
By the way, people who read the code will be confused, 
because logdir has nothing to do with security of Ranger-Admin.

The code which have problem can be found in Java method EmbeddedServer.start():
{code}
if (getConfig("logdir") != null) {
        String keytab = getConfig(ADMIN_USER_KEYTAB);
        String principal = null;
        ......
        if (getConfig(AUTHENTICATION_TYPE) != null &&
        
getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) &&
        SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
        ......
        }
}
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (RANGER-1316) Ranger-Admin enable security mode should not depend on configuration logdir

Reply via email to