[ https://issues.apache.org/jira/browse/RANGER-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ankita Sinha updated RANGER-1316: --------------------------------- Attachment: RANGER-1316.patch > Ranger-Admin enable security mode should not depend on configuration logdir > --------------------------------------------------------------------------- > > Key: RANGER-1316 > URL: https://issues.apache.org/jira/browse/RANGER-1316 > Project: Ranger > Issue Type: Bug > Components: admin > Reporter: Qiang Zhang > Assignee: Ankita Sinha > Priority: Minor > Labels: security > Fix For: 0.7.0 > > Attachments: > 0001-RANGER-1316-Admin-security-should-not-depend-on-logd.patch, > RANGER-1316.patch > > > Ranger-Admin enable security mode should not depend on configuration logdir, > in fact, it should depend on whether hadoop.security.authentication is > kerberos. > If the logdir is null, even if Ranger-Admin is set to Kerberos authentication, > the Ranger-Admin would not enable security mode. > By the way, people who read the code will be confused, > because logdir has nothing to do with security of Ranger-Admin. > The code which have problem can be found in Java method > EmbeddedServer.start(): > {code} > if (getConfig("logdir") != null) { > String keytab = getConfig(ADMIN_USER_KEYTAB); > String principal = null; > ...... > if (getConfig(AUTHENTICATION_TYPE) != null && > > getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) && > SecureClientLogin.isKerberosCredentialExists(principal, keytab)){ > ...... > } > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)