[
https://issues.apache.org/jira/browse/RANGER-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ankita Sinha updated RANGER-1316:
---------------------------------
Attachment: RANGER-1316.patch
> Ranger-Admin enable security mode should not depend on configuration logdir
> ---------------------------------------------------------------------------
>
> Key: RANGER-1316
> URL: https://issues.apache.org/jira/browse/RANGER-1316
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Reporter: Qiang Zhang
> Assignee: Ankita Sinha
> Priority: Minor
> Labels: security
> Fix For: 0.7.0
>
> Attachments:
> 0001-RANGER-1316-Admin-security-should-not-depend-on-logd.patch,
> RANGER-1316.patch
>
>
> Ranger-Admin enable security mode should not depend on configuration logdir,
> in fact, it should depend on whether hadoop.security.authentication is
> kerberos.
> If the logdir is null, even if Ranger-Admin is set to Kerberos authentication,
> the Ranger-Admin would not enable security mode.
> By the way, people who read the code will be confused,
> because logdir has nothing to do with security of Ranger-Admin.
> The code which have problem can be found in Java method
> EmbeddedServer.start():
> {code}
> if (getConfig("logdir") != null) {
> String keytab = getConfig(ADMIN_USER_KEYTAB);
> String principal = null;
> ......
> if (getConfig(AUTHENTICATION_TYPE) != null &&
>
> getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) &&
> SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
> ......
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
