[ https://issues.apache.org/jira/browse/AMBARI-25141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17612129#comment-17612129 ]
Zhiguo Wu commented on AMBARI-25141: ------------------------------------ Thank [~smolnar] ! Would you like to create another PR for trunk branch ? > LDAP password in cleartext in ldap-password.dat file after encrypting > passwords > ------------------------------------------------------------------------------- > > Key: AMBARI-25141 > URL: https://issues.apache.org/jira/browse/AMBARI-25141 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.7.3 > Reporter: Sandor Molnar > Assignee: Sandor Molnar > Priority: Critical > Labels: pull-request-available > Fix For: 2.7.4 > > Time Spent: 0.5h > Remaining Estimate: 0h > > In 2.7.x we store LDAP password within its own file; however the content of > that file is not encrypted even if password encryption is on. To approach > this issue the following should be done: > - in case password encryption is enabled we will encrypt the LDAP password > in the credential store and write the corresponding CS alias in the LDAP > password file (just like we do with other passwords inĀ {{ambari.properties}}) > - in case the password encryption is disabled we will write the raw password > in the LDAP password file > In both cases an additional level of security can be achieved by setting the > appropriate user/group access on the file system to the LDAP password file. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@ambari.apache.org For additional commands, e-mail: issues-h...@ambari.apache.org