Sam Okrent has uploaded a new change for review.

  http://gerrit.cloudera.org:8080/7249

Change subject: KUDU-1955 refuse to use world-readable keytabs
......................................................................

KUDU-1955 refuse to use world-readable keytabs

Allowing users to supply keytab files and TLS private keys
with world-readable permissions lessens a cluster's security.
During Kerberos/TLS initialization, servers now check the
permissions of these files and exit with bad statuses if they
have world-readable permissions. Additionally, if users wish
to override this safeguard, they may set the flag
'--allow_world_readable_security_credentials' to true. However, this
flag is tagged as unsafe.

Change-Id: Ic2ee84e71023304f0743ba0ad37ebb1eef24abc6
---
M src/kudu/integration-tests/security-itest.cc
M src/kudu/rpc/messenger.cc
M src/kudu/security/init.cc
M src/kudu/util/env.h
M src/kudu/util/env_posix.cc
5 files changed, 67 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/49/7249/1
-- 
To view, visit http://gerrit.cloudera.org:8080/7249
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic2ee84e71023304f0743ba0ad37ebb1eef24abc6
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Sam Okrent <samuel.okr...@cloudera.com>

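The permission check the commit message describes, sketched as an added example; this is not code from the Kudu change itself, whose diff is not shown here. The names `CheckResult` and `CheckCredentialFilePermissions` are hypothetical, the `allow_world_readable` parameter stands in for the `--allow_world_readable_security_credentials` flag, and the temporary file in `main` is a constructed sample.

```cpp
#include <sys/stat.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>

// Outcome of a credential-file check (hypothetical type for this example).
struct CheckResult {
  bool ok;
  std::string message;
};

// Refuses a keytab or TLS private key that "other" users can read, unless the
// override is set. allow_world_readable models the unsafe flag named above.
CheckResult CheckCredentialFilePermissions(const std::string& path,
                                           bool allow_world_readable) {
  struct stat st;
  // stat() follows symlinks, so the mode examined belongs to the file that
  // would actually be opened, not to a link pointing at it.
  if (stat(path.c_str(), &st) != 0) {
    return {false, "cannot stat " + path + ": " + std::strerror(errno)};
  }
  if ((st.st_mode & S_IROTH) != 0) {
    if (allow_world_readable) {
      return {true, "warning: " + path + " is world-readable (override set)"};
    }
    return {false, path + " is world-readable; remove the o+r permission"};
  }
  return {true, ""};
}

int main() {
  char tmpl[] = "/tmp/example_keytab_XXXXXX";  // constructed sample file
  int fd = mkstemp(tmpl);
  if (fd < 0) return 1;
  close(fd);
  chmod(tmpl, 0644);  // world-readable: must be refused
  CheckResult r = CheckCredentialFilePermissions(tmpl, false);
  std::printf("0644: ok=%d %s\n", r.ok, r.message.c_str());
  chmod(tmpl, 0600);  // owner-only: accepted
  r = CheckCredentialFilePermissions(tmpl, false);
  std::printf("0600: ok=%d %s\n", r.ok, r.message.c_str());
  unlink(tmpl);
  return r.ok ? 0 : 1;
}
```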