[
https://issues.apache.org/jira/browse/RANGER-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15827589#comment-15827589
]
Qiang Zhang commented on RANGER-1316:
-------------------------------------
Review Requet:
https://reviews.apache.org/r/55666/
> Ranger-Admin enable security mode should not depend on configuration logdir
> ---------------------------------------------------------------------------
>
> Key: RANGER-1316
> URL: https://issues.apache.org/jira/browse/RANGER-1316
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Reporter: Qiang Zhang
> Assignee: Qiang Zhang
> Priority: Minor
> Labels: security
> Attachments:
> 0001-RANGER-1316-Admin-security-should-not-depend-on-logd.patch
>
>
> Ranger-Admin enable security mode should not depend on configuration logdir,
> in fact, it should depend on whether hadoop.security.authentication is
> kerberos.
> If the logdir is null, even if Ranger-Admin is set to Kerberos authentication,
> the Ranger-Admin would not enable security mode.
> By the way, people who read the code will be confused,
> because logdir has nothing to do with security of Ranger-Admin.
> The code which have problem can be found in Java method
> EmbeddedServer.start():
> {code}
> if (getConfig("logdir") != null) {
> String keytab = getConfig(ADMIN_USER_KEYTAB);
> String principal = null;
> ......
> if (getConfig(AUTHENTICATION_TYPE) != null &&
>
> getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) &&
> SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
> ......
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
