[
https://issues.apache.org/jira/browse/ACCUMULO-1720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13770391#comment-13770391
]
Michael Allen commented on ACCUMULO-1720:
-----------------------------------------
I updated this title and summary shortly after filing when I further inspected
the code to see that normal user passwords are salted and hashed but for some
reason the root user's isn't.
> Accumulo saves the root user's password in the clear in Zookeeper
> -----------------------------------------------------------------
>
> Key: ACCUMULO-1720
> URL: https://issues.apache.org/jira/browse/ACCUMULO-1720
> Project: Accumulo
> Issue Type: Bug
> Components: tserver
> Affects Versions: 1.5.0
> Reporter: Michael Allen
>
> In reviewing some of the security around users, it came to my attention that
> Accumulo stores the root user's password within Zookeeper in the clear.
> Grepping through Zookeeper's data files proves this out (as does inspecting
> the code).
> This passwords should be stored heavily salted and hashed, as the other user
> passwords are. Is there any reason why it isn't?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
